ash_authentication

4.14.1

5.0.0-rc.11 5.0.0-rc.10 5.0.0-rc.9 5.0.0-rc.8 5.0.0-rc.7 5.0.0-rc.6 5.0.0-rc.5 5.0.0-rc.4 5.0.0-rc.3 5.0.0-rc.2 5.0.0-rc.1 5.0.0-rc.0 4.14.1 4.14.0 4.13.7 4.13.6 4.13.5 4.13.4 4.13.3 4.13.2 retired 4.13.1 retired 4.13.0 4.12.0 4.11.0 4.10.0 4.9.9 4.9.8 4.9.7 4.9.6 4.9.5 4.9.4 4.9.3 4.9.2 4.9.1 4.9.0 4.8.7 4.8.6 4.8.5 4.8.3 4.8.2 4.8.1 4.8.0 4.7.6 4.7.5 4.7.4 4.7.3 4.7.2 4.7.1 4.7.0 4.6.4 4.6.3 4.6.2 4.6.1 4.6.0 4.5.6 4.5.5 4.5.4 4.5.3 4.5.2 4.5.1 4.5.0 4.4.9 4.4.8 4.4.7 4.4.6 4.4.5 4.4.4 4.4.3 4.4.2 4.4.1 4.4.0 4.3.12 4.3.11 4.3.10 4.3.9 4.3.8 4.3.7 4.3.6 4.3.5 4.3.4 4.3.3 4.3.2 4.3.1 4.3.0 4.2.7 4.2.6 4.2.5 4.2.4 4.2.3 4.2.2 4.2.1 4.2.0 4.1.0 4.0.4 4.0.3 4.0.2 4.0.1 4.0.0 4.0.0-rc.6 4.0.0-rc.5 4.0.0-rc.3 4.0.0-rc.2 4.0.0-rc.1 4.0.0-rc.0 3.12.4 3.12.3 3.12.2 3.12.1 3.12.0 3.11.16 3.11.15 3.11.14 3.11.13 3.11.12 3.11.11 3.11.10 3.11.9 3.11.8 3.11.7 3.11.6 3.11.5 3.11.4 3.11.3 3.11.2 3.11.1 3.11.0 3.10.8 3.10.7 3.10.6 3.10.5 3.10.4 3.10.3 3.10.2 3.10.1 3.10.0 3.9.6 3.9.5 3.9.4 3.9.3 3.9.2 3.9.1 3.9.0 3.8.0 3.7.9 3.7.8 3.7.6 3.7.5 3.7.4 3.7.3 3.7.2 3.7.1 3.7.0 3.6.1 3.6.0 3.5.3 3.5.2 3.5.1 3.5.0 3.3.1 3.3.0 3.2.2 3.2.1 3.2.0 3.1.0 3.0.3

Authentication extension for the Ash Framework.

HexDocs HexPreview

Current section

3 Advisories

Jump to

Readme 165 Versions 13 Dependencies 8 Dependants 3 Advisories Activity

EEF-CVE-2026-49757 CVE-2026-49757 GHSA-777c-2fxx-qr28

OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

June 15, 2026

CVSS

9.2 / 10.0 Critical

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.1.0 and < 4.14.0 >= 5.0.0-rc.0 and < 5.0.0-rc.10

References

GHSA-3988-q8q7-p787 CVE-2025-32782

ash_authentication has email link auto-click account confirmation vulnerability

April 14, 2025

CVSS

5.3 / 10.0 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Versions

< 4.7.0

References

GHSA-qrm9-f75w-hg4c CVE-2025-25202

Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

February 11, 2025

CVSS

6.3 / 10.0 Medium

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Versions

>= 4.1.0 and < 4.4.9

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

1 933

yesterday

2 173

last 7 days

14 855

all time

689 033

Last Updated

Jun 15, 2026

License

MIT

Build Tools

mix

Publisher

jamesotron

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

ash_authentication

Checksum

Dependency Config

Package Details

Links

Owners

Search filters