hackney

4.0.2

4.0.2 4.0.1 4.0.0 3.2.1 3.2.0 3.1.2 3.1.1 3.1.0 3.0.3 3.0.2 3.0.1 3.0.0 retired 2.0.1 2.0.0 2.0.0-beta.1 1.25.0 1.24.1 1.24.0 1.23.0 1.22.0 1.21.0 1.20.1 1.20.0 1.19.1 1.19.0 1.18.2 1.18.1 1.18.0 1.17.4 1.17.3 1.17.2 1.17.1 1.17.0 1.16.0 1.15.2 1.15.1 1.15.0 1.14.3 1.14.2 1.14.0 1.13.0 1.12.1 1.12.0 1.11.0 1.10.1 1.10.0 1.9.0 1.8.6 1.8.5 1.8.4 1.8.3 1.8.2 1.8.0 1.7.1 1.7.0 1.6.6 retired 1.6.5 1.6.4 retired 1.6.3 1.6.2 1.6.1 1.6.0 1.5.7 1.5.6 1.5.5 1.5.4 1.5.3 1.5.2 1.5.1 1.5.0 1.4.10 1.4.8 1.4.7 1.4.6 1.4.5 1.4.4 1.4.3 1.4.2 1.4.1 1.4.0 1.3.2 1.3.1 1.3.0 1.2.0 1.1.0 1.0.6 1.0.5 1.0.2 1.0.1 0.15.2 0.15.0 0.14.3 0.14.2 0.14.1 0.14.0 0.13.1

Simple HTTP client with HTTP/1.1, HTTP/2, and HTTP/3 support

HexDocs HexPreview

Current section

12 Advisories

Jump to

Readme 96 Versions 7 Dependencies 540 Dependants 12 Advisories Activity

EEF-CVE-2026-47073 CVE-2026-47073 GHSA-q8jg-fgj4-fphf

Unbounded memory consumption in WebSocket client in hackney

May 25, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 4.0.1

References

EEF-CVE-2026-47067 CVE-2026-47067 GHSA-9653-rcfr-5c62

Atom table exhaustion via unrecognized URL schemes in hackney

May 25, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 4.0.1

References

EEF-CVE-2026-47072 CVE-2026-47072 GHSA-f9vr-g2g2-x9fg

CRLF injection in WebSocket upgrade request in hackney

May 25, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N

Affected Versions

>= 2.0.0 and < 4.0.1

References

EEF-CVE-2026-47076 CVE-2026-47076 GHSA-pj7v-xfvx-wmjq

SSRF allowlist bypass via percent-encoded host in hackney

May 25, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Versions

>= 0.13.0 and < 4.0.1

References

EEF-CVE-2026-47070 CVE-2026-47070 GHSA-h73q-4w9q-82h4

HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney

May 25, 2026

CVSS

6.0 / 10.0 Medium

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Versions

>= 3.1.1 and < 4.0.1

References

EEF-CVE-2026-47075 CVE-2026-47075 GHSA-j9wq-vxxc-94wf

CR/LF injection in query parameter in hackney

May 25, 2026

CVSS

6.8 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

Affected Versions

< 4.0.1

References

EEF-CVE-2026-47077 CVE-2026-47077 GHSA-jq4m-q6p2-8gwc

Unbounded body accumulation in HTTP/3 response loop in hackney

May 25, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0 and < 4.0.1

References

EEF-CVE-2026-47071 CVE-2026-47071 GHSA-gp9c-pm5m-5cxr

SOCKS5 TLS upgrade ignores caller timeout in hackney

May 25, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.10.0 and < 4.0.1

References

EEF-CVE-2026-47066 CVE-2026-47066 GHSA-6cp8-v795-jr2j

Infinite loop in Alt-Svc header parser in hackney

May 25, 2026

CVSS

8.7 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 2.0.0-beta.1 and < 4.0.1

References

EEF-CVE-2026-47069 CVE-2026-47069 GHSA-mp55-p8c9-rfw2

CRLF injection in cookie domain/path options in hackney

May 25, 2026

CVSS

2.1 / 10.0 Low

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Affected Versions

>= 0.9.0 and < 4.0.1

References

GHSA-9fm9-hp7p-53mf CVE-2025-3864

Hackney fails to properly release HTTP connections to the pool

May 28, 2025

CVSS

2.3 / 10.0 Low

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Versions

< 1.24.0

References

GHSA-vq52-99r9-h5pw CVE-2025-1211

Server-side Request Forgery (SSRF) in hackney

February 11, 2025

CVSS

2.9 / 10.0 Low

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:P

Affected Versions

< 1.21.0

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

yesterday

15 914

last 7 days

276 454

all time

167 826 489

Last Updated

May 25, 2026

License

Apache-2.0

Build Tools

rebar3

Publisher

benoitc

Owners

benoitc

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

hackney

Checksum

Dependency Config

Package Details

Links

Owners

Search filters