Known CVE vulnerabilities and GitHub Security Advisories affecting the Hex package hackney, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2026-47077 — CVSS 7.5 (high): Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6…
CVE-2026-47067 — CVSS 7.5 (high): Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in…
CVE-2026-47071 — CVSS 7.5 (high): Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackney_socks5.erl…
CVE-2026-47073 — CVSS 7.5 (high): Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in…
CVE-2026-47075 — CVSS 7.5 (high): Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode…
CVE-2026-47066 — CVSS 7.5 (high): Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response…
CVE-2026-47076 — CVSS 6.5 (medium): Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host…
CVE-2025-1211 — CVSS 6.5 (medium): Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI…
CVE-2026-47070 — CVSS 6.1 (medium): Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in…