| CVE-2026-47073 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Unbounded memory consumption in WebSocket client in hackney |
| CVE-2026-47067 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Atom table exhaustion via unrecognized URL schemes in hackney |
| CVE-2026-47072 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney_ws.erl copies the host,… |
| CVE-2026-47075 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL … |
| CVE-2026-47077 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Unbounded body accumulation in HTTP/3 response loop in hackney |
| CVE-2026-47071 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
SOCKS5 TLS upgrade ignores caller timeout in hackney |
| CVE-2026-47066 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
Infinite loop in Alt-Svc header parser in hackney |
| CVE-2026-47076 |
medium |
6.5 |
6.5 |
|
|
|
3d ago |
SSRF allowlist bypass via percent-encoded host in hackney |
| CVE-2025-1211 |
medium |
6.5 |
6.5 |
|
|
|
1y ago |
Server-side Request Forgery (SSRF) in hackney |
| CVE-2026-47070 |
medium |
6.1 |
6.1 |
|
|
|
3d ago |
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney |
| CVE-2026-47069 |
medium |
5.3 |
5.3 |
|
|
|
3d ago |
CRLF injection in cookie domain/path options in hackney |