hackney
4.4.5
Simple HTTP client with HTTP/1.1, HTTP/2, and HTTP/3 support
Current section
12 Advisories
Jump to
Current section
12 Advisories
Atom table exhaustion via unrecognized URL schemes in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47067.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/31f6f0e27e096ad88743dfded4f030a3ee74972e
- https://github.com/benoitc/hackney/security/advisories/GHSA-9653-rcfr-5c62
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47067
- https://osv.dev/vulnerability/EEF-CVE-2026-47067
Unbounded memory consumption in WebSocket client in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47073.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/ce0109e2970ace6e20ff29bae9d05c3ac22ec6dc
- https://github.com/benoitc/hackney/security/advisories/GHSA-q8jg-fgj4-fphf
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47073
- https://osv.dev/vulnerability/EEF-CVE-2026-47073
CRLF injection in WebSocket upgrade request in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47072.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/52310ca807e7b48441ba0e9129171f535313fdd1
- https://github.com/benoitc/hackney/security/advisories/GHSA-f9vr-g2g2-x9fg
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47072
- https://osv.dev/vulnerability/EEF-CVE-2026-47072
CR/LF injection in query parameter in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47075.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/ca73dd0aba0ed557449c18288bf07241671a43c9
- https://github.com/benoitc/hackney/security/advisories/GHSA-j9wq-vxxc-94wf
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47075
- https://osv.dev/vulnerability/EEF-CVE-2026-47075
Unbounded body accumulation in HTTP/3 response loop in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47077.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/3d25f9fea26c90609de9d64366fedfe5065413bc
- https://github.com/benoitc/hackney/security/advisories/GHSA-jq4m-q6p2-8gwc
- https://github.com/ex-aws/ex_aws_sns/security/advisories/GHSA-8jgf-23q5-x7xx
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47077
- https://osv.dev/vulnerability/EEF-CVE-2026-47077
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47070.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/c58d5b50bade146360b85caf3dc8065807b08246
- https://github.com/benoitc/hackney/security/advisories/GHSA-h73q-4w9q-82h4
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47070
- https://osv.dev/vulnerability/EEF-CVE-2026-47070
SSRF allowlist bypass via percent-encoded host in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47076.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/452620a92ec1da2e6b4862a049a2a4f04b42068f
- https://github.com/benoitc/hackney/security/advisories/GHSA-pj7v-xfvx-wmjq
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47076
- https://osv.dev/vulnerability/EEF-CVE-2026-47076
CRLF injection in cookie domain/path options in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47069.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/8e02b99c28aea1b3fa2ddc0e66f51fe5bb0ac540
- https://github.com/benoitc/hackney/security/advisories/GHSA-mp55-p8c9-rfw2
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47069
- https://osv.dev/vulnerability/EEF-CVE-2026-47069
SOCKS5 TLS upgrade ignores caller timeout in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47071.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/5ccdab725c561a6f03d05a51f2d0664f98236dae
- https://github.com/benoitc/hackney/security/advisories/GHSA-gp9c-pm5m-5cxr
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47071
- https://osv.dev/vulnerability/EEF-CVE-2026-47071
Infinite loop in Alt-Svc header parser in hackney
Affected Versions
References
- https://cna.erlef.org/cves/CVE-2026-47066.html
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/e548aba1f97ffa3f4750da7b772998fb78c01894
- https://github.com/benoitc/hackney/security/advisories/GHSA-6cp8-v795-jr2j
- https://hex.pm/packages/hackney
- https://nvd.nist.gov/vuln/detail/CVE-2026-47066
- https://osv.dev/vulnerability/EEF-CVE-2026-47066
Hackney fails to properly release HTTP connections to the pool
Affected Versions
Server-side Request Forgery (SSRF) in hackney
Affected Versions
References
- https://gist.github.com/snoopysecurity/996de09ec0cfd0ebdcfdda8ff515deb1
- https://github.com/benoitc/hackney
- https://github.com/benoitc/hackney/commit/9594ce58fabd32cd897fc28fae937694515a3d4a
- https://github.com/benoitc/hackney/releases/tag/1.21.0
- https://nvd.nist.gov/vuln/detail/CVE-2025-1211
- https://security.snyk.io/vuln/SNYK-HEX-HACKNEY-6516131
- https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Checksum
Dependency Config
mix.exs
rebar.config
Gleam
erlang.mk
Package Details
this version
13 977
yesterday
46 163
last 7 days
250 807
all time
169 265 572