Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

plug

Ecosystem:
hex
Package URL:
pkg:hex/plug
Total PRs:
157 Dependabot PRs
Latest PR:
16 days ago
Unique Repositories:
85 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
EEF-CVE-2026-8468 GHSA-468c-vq7p-gh64 CVE-2026-8468 HIGH published 27 days ago • updated about 6 hours ago
## Summary Allocation of Resources Without Limits or Throttling vulnerability in plug\_project plug allows denial of service via unbounded buffer ...
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
GHSA-468c-vq7p-gh64 CVE-2026-8468 HIGH published 21 days ago • updated 2 days ago
### Summary An Allocation of Resources Without Limits or Throttling vulnerability in `Plug.Conn.read_part_headers/2` allows an unauthenticated att...
Arbitrary Code Execution in Cookie Serialization
GHSA-5v4m-c73v-c7gq CVE-2017-1000053 HIGH published about 4 years ago • updated 1 day ago
The default serialization used by Plug session may result in code execution in certain situations. Keep in mind, however, the session cookie is s...
Null Byte Injection in Plug.Static
GHSA-2q6v-32mr-8p8x CVE-2017-1000052 HIGH published about 4 years ago • updated about 8 hours ago
Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow...
Header Injection
GHSA-9h73-w7ch-rh73 CVE-2018-1000883 MODERATE published about 4 years ago • updated about 8 hours ago
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added....
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps-dev): bump plug from 1.19.1 to 1.19.2 in the elixir group

sgerrand/ex_deputy #70

1.19.1 → 1.19.2 Patch PR
Open 16 days ago 1 comment
sgerrand
deps(deps-dev): bump plug from 1.19.1 to 1.19.2

agentjido/llm_db #190

1.19.1 → 1.19.2 Patch PR
Open 23 days ago 1 comment
agentjido
deps:(deps): bump plug from 1.19.0 to 1.19.1

zoedsoupe/anubis-mcp #74

1.19.0 → 1.19.1 Patch PR
Open 6 months ago 1 comment
zoedsoupe
chore(deps-dev): bump the dev-dependencies group across 1 directory with 5 updates

ash-project/reactor_req #14

1.18.0 → 1.18.1 Patch PR
Open 9 months ago
ash-project
chore(deps): Bump plug from 1.18.0 to 1.18.1 in the prod group

lud/oaskit #13

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago
lud
chore(deps): bump plug from 1.18.0 to 1.18.1

mrdotb/disco-log #100

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago 1 comment
mrdotb
Bump plug from 1.18.0 to 1.18.1

dwyl/ping #41

1.18.0 → 1.18.1 Patch PR
Open 10 months ago
dwyl
deps(elixir): Bump plug from 1.18.0 to 1.18.1 in /elixir

KineticCafe/app_identity #251

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago 1 comment
KineticCafe
Bump plug from 1.18.0 to 1.18.1

general-CbIC/poolex_prom_ex #45

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
general-CbIC
Bump plug from 1.18.0 to 1.18.1

lucacorti/jsonapi_plug #104

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
lucacorti
Bump plug from 1.18.0 to 1.18.1

ndrluis/ex_iceberg #25

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
ndrluis
Bump plug from 1.18.0 to 1.18.1

mtrudel/bandit #506

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
mtrudel
chore(deps): bump plug from 1.18.0 to 1.18.1 in the prod group

beam-community/redbird #94

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
beam-community
build(deps): bump plug from 1.18.0 to 1.18.1

mimiquate/tower_rollbar #85

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
mimiquate
Bump plug from 1.18.0 to 1.18.1

podium/simple_token_authentication #84

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
podium
build(deps): bump plug from 1.18.0 to 1.18.1

profiq/discord-interactions-elixir #15

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago 1 comment
profiq
Bump plug from 1.18.0 to 1.18.1

dwyl/content #87

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
dwyl
Bump plug from 1.18.0 to 1.18.1

ExWeb3/elixir_ethers #213

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
ExWeb3
Bump plug from 1.18.0 to 1.18.1

mtrudel/excom #4

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago
mtrudel
chore(deps): bump plug from 1.18.0 to 1.18.1 in the prod group

beam-community/bamboo #716

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
beam-community
Bump plug from 1.18.0 to 1.18.1

primait/telepoison #213

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
primait
Bump plug from 1.18.0 to 1.18.1

lucacorti/ankh #181

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
lucacorti
Bump plug from 1.18.0 to 1.18.1

primait/auth0_ex #284

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
primait
build(deps): bump plug from 1.18.0 to 1.18.1

jpcaruana/last_crusader #300

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
jpcaruana
chore(deps): bump plug from 1.18.0 to 1.18.1 in the prod group

beam-community/scrivener_headers #38

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
beam-community
Bump plug from 1.18.0 to 1.18.1

podium/uinta #99

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
podium
chore(deps): bump plug from 1.18.0 to 1.18.1 in the prod group

beam-community/jsonapi #375

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
beam-community
Bump plug from 1.18.0 to 1.18.1

johantell/moxinet #59

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
johantell
Bump plug from 1.18.0 to 1.18.1

nerves-hub/nerves_hub_web #2191

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
nerves-hub
chore(deps): bump the production-dependencies group with 6 updates

ash-project/ash_ai #85

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
ash-project
chore(deps): bump the production-dependencies group with 4 updates

ash-project/ash_json_api #356

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
ash-project
chore(deps): bump plug from 1.18.0 to 1.18.1

honeybadger-io/honeybadger-elixir #637

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
honeybadger-io
Bump plug from 1.18.0 to 1.18.1 in /integration_test

aaronrenner/sims #97

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
aaronrenner
Bump plug from 1.18.0 to 1.18.1

erlef/mix-dependency-submission #148

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago 1 comment
erlef
chore(deps-dev): bump plug from 1.18.0 to 1.18.1 in the dev-dependencies group

ash-project/reactor_req #12

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
ash-project
build(deps): Bump plug from 1.18.0 to 1.18.1

mbta/http_stage #42

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago 1 comment
mbta
Bump plug from 1.18.0 to 1.18.1

erlef/oid_certo #19

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
erlef
chore(deps): bump plug from 1.18.0 to 1.18.1 in /platform_umbrella

mbergo/Bat-Inc #9

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
mbergo
build(deps): bump plug from 1.18.0 to 1.18.1 in /platform_umbrella

ai4design/batteries-included #12

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
ai4design
chore(deps): bump plug from 1.18.0 to 1.18.1 in /platform_umbrella

batteries-included/batteries-included #2271

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
batteries-included
Bump plug from 1.18.0 to 1.18.1

johantell/metatags #175

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago 1 comment
johantell
deps(deps): bump plug from 1.18.0 to 1.18.1

customeros/core #618

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago 1 comment
customeros
Bump plug from 1.18.0 to 1.18.1

primait/teleplug #178

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
primait
Bump plug from 1.18.0 to 1.18.1

martide/trailing_slash_plug #58

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
martide
chore(deps): bump plug from 1.18.0 to 1.18.1 in the production-dependencies group

ash-project/ash #2176

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
ash-project
chore(deps): bump plug from 1.18.0 to 1.18.1

augustwenty/tenex #25

1.18.0 → 1.18.1 Patch PR
Open 11 months ago
augustwenty
build(deps): bump plug from 1.18.0 to 1.18.1

brianmay/phone_db #1072

1.18.0 → 1.18.1 Patch PR
Merged 11 months ago
brianmay
chore(deps): bump plug from 1.18.0 to 1.18.1 in the prod group

straw-hat-team/beam-monorepo #214

1.18.0 → 1.18.1 Patch PR
Open 11 months ago 1 comment
straw-hat-team
build(deps): bump the production-dependencies group across 1 directory with 3 updates

ash-project/ash_rate_limiter #27

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago 1 comment
ash-project
Package Details
Name: plug
Ecosystem: hex
PURL Type: hex
Package URL: pkg:hex/plug
JSON API: View JSON
Security Advisories

5

Active advisories
HIGH 4
MODERATE 1
View All hex Advisories
Package Information
Description:

Compose web applications with functions

Repository: https://github.com/elixir-plug/plug
Homepage: https://github.com/elixir-plug/plug/blob/main/CHANGELOG.md
Latest Release: 1.18.0
about 1 year ago
Dependent Repos: 15,508
Dependent Packages: 891
Downloads: 144,010,627
Ranking: Top 0.0514% by dependent repos Top 0.0642% by downloads Top 0.0193% by dependent pkgs
PR Status
Open 59 (37.6%)
Merged 45 (28.7%)
Closed 43 (27.4%)
PR Types
Minor 98 (62.4%)
Patch 49 (31.2%)