| CVE-2026-47073 |
high |
7.5 |
7.5 |
3d ago |
Unbounded memory consumption in WebSocket client in hackney |
|
| CVE-2026-47067 |
high |
7.5 |
7.5 |
3d ago |
Atom table exhaustion via unrecognized URL schemes in hackney |
|
| CVE-2026-47077 |
high |
7.5 |
7.5 |
3d ago |
Unbounded body accumulation in HTTP/3 response loop in hackney |
|
| CVE-2026-47071 |
high |
7.5 |
7.5 |
3d ago |
SOCKS5 TLS upgrade ignores caller timeout in hackney |
|
| CVE-2026-47066 |
high |
7.5 |
7.5 |
3d ago |
Infinite loop in Alt-Svc header parser in hackney |
|
| CVE-2026-47076 |
medium |
6.5 |
6.5 |
3d ago |
SSRF allowlist bypass via percent-encoded host in hackney |
|
| CVE-2025-1211 |
medium |
6.5 |
6.5 |
1y ago |
Server-side Request Forgery (SSRF) in hackney |
|
| CVE-2026-47070 |
medium |
6.1 |
6.1 |
3d ago |
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney |
|
| CVE-2026-47069 |
medium |
5.3 |
5.3 |
3d ago |
CRLF injection in cookie domain/path options in hackney |
|
| CVE-2026-47072 |
unknown |
— |
— |
3d ago |
CRLF injection in WebSocket upgrade request in hackney |
|
| CVE-2026-47075 |
unknown |
— |
— |
3d ago |
CR/LF injection in query parameter in hackney |
|
| CVE-2025-3864 |
unknown |
— |
— |
1y ago |
Hackney fails to properly release HTTP connections to the pool |
|