plug

1.19.2

1.19.2 1.19.1 1.19.0 1.18.2 1.18.1 1.18.0 1.17.1 1.17.0 1.16.3 1.16.2 1.16.1 1.16.0 1.15.4 1.15.3 1.15.2 1.15.1 1.15.0 1.14.2 1.14.1 1.14.0 1.13.6 1.13.5 1.13.4 1.13.3 1.13.2 1.13.1 retired 1.13.0 retired 1.12.1 1.12.0 1.11.1 1.11.0 1.10.4 1.10.3 1.10.2 1.10.1 1.10.0 1.9.0 1.8.3 1.8.2 1.8.1 1.8.0 1.7.2 1.7.1 1.7.0 1.6.4 1.6.3 1.6.2 1.6.1 1.6.0 1.5.1 1.5.0 1.5.0-rc.2 1.5.0-rc.1 1.5.0-rc.0 1.4.5 1.4.4 1.4.3 1.4.2 1.4.1 1.4.0 1.4.0-rc.0 1.3.6 1.3.5 1.3.4 1.3.3 1.3.2 1.3.1 1.3.0 1.2.6 1.2.5 1.2.4 1.2.3 1.2.2 1.2.1 1.2.0 1.2.0-rc.0 1.1.9 1.1.8 1.1.7 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1.0 1.0.6 1.0.5 1.0.4 1.0.3 1.0.2 1.0.1 1.0.0 0.14.0 0.13.1 0.13.0 0.12.2 0.12.1 0.12.0 0.11.3 0.11.2 0.11.1 0.11.0 0.10.0 0.9.0 0.8.4 0.8.3 0.8.2 0.8.1 0.8.0 0.7.0 0.6.0 0.5.3 0.5.2 0.5.1 0.5.0 0.4.4 0.4.3 0.4.2 0.4.1

Compose web applications with functions

HexDocs HexPreview

Current section

4 Advisories

Jump to

Readme 120 Versions 3 Dependencies 1159 Dependants 4 Advisories Activity

EEF-CVE-2026-8468 CVE-2026-8468 GHSA-468c-vq7p-gh64

Unbounded buffer accumulation in multipart header parsing causes denial of service in plug

May 14, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 1.18.0 and < 1.18.2 >= 1.17.0 and < 1.17.1 >= 1.16.0 and < 1.16.3 >= 1.4.0 and < 1.15.4 >= 1.19.0 and < 1.19.2

References

GHSA-9h73-w7ch-rh73 CVE-2018-1000883

Header Injection

April 12, 2022

CVSS

6.5 / 10.0 Medium

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Versions

>= 1.3.0 and < 1.3.5 >= 1.2.0 and < 1.2.5 >= 1.1.0 and < 1.1.9 < 1.0.6

References

GHSA-5v4m-c73v-c7gq CVE-2017-1000053

Arbitrary Code Execution in Cookie Serialization

April 12, 2022

CVSS

8.1 / 10.0 High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

< 1.0.4 >= 1.1.0 and < 1.1.7 >= 1.2.0 and < 1.2.3 >= 1.3.0 and < 1.3.2

References

GHSA-2q6v-32mr-8p8x CVE-2017-1000052

Null Byte Injection in Plug.Static

April 12, 2022

CVSS

7.8 / 10.0 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions

>= 1.1.0 and < 1.1.7 >= 1.2.0 and < 1.2.3 >= 1.3.0 and < 1.3.2 < 1.0.4

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

420 594

yesterday

48 564

last 7 days

325 252

all time

158 896 922

Last Updated

May 14, 2026

License

Apache-2.0

Build Tools

mix

Publisher

josevalim

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

plug

Checksum

Dependency Config

Package Details

Links

Owners

Search filters