Security: elixir-plug/plug
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Multipart `:length` limit is not charged for file uploadsGHSA-95qv-c9g9-rm63 published
Jul 9, 2026 by josevalimModerate -
Cookie attribute injection: `encode/2` interpolates attribute values without escapingGHSA-wpmj-jh88-rpgm published
Jul 9, 2026 by josevalimLow -
Plug: quadratic-time decoding of nested query/body parameters enables denial of serviceGHSA-j43x-5hjq-rgxf published
Jun 23, 2026 by josevalimHigh -
Unbounded buffer accumulation in multipart header parsing causes denial of service in PlugGHSA-468c-vq7p-gh64 published
May 14, 2026 by josevalimHigh
Learn more about advisories related to elixir-plug/plug in the GitHub Advisory Database