plug

1.19.1

1.19.1 1.19.0 1.18.1 1.18.0 1.17.0 1.16.2 1.16.1 1.16.0 1.15.3 1.15.2 1.15.1 1.15.0 1.14.2 1.14.1 1.14.0 1.13.6 1.13.5 1.13.4 1.13.3 1.13.2 1.13.1 retired 1.13.0 retired 1.12.1 1.12.0 1.11.1 1.11.0 1.10.4 1.10.3 1.10.2 1.10.1 1.10.0 1.9.0 1.8.3 1.8.2 1.8.1 1.8.0 1.7.2 1.7.1 1.7.0 1.6.4 1.6.3 1.6.2 1.6.1 1.6.0 1.5.1 1.5.0 1.5.0-rc.2 1.5.0-rc.1 1.5.0-rc.0 1.4.5 1.4.4 1.4.3 1.4.2 1.4.1 1.4.0 1.4.0-rc.0 1.3.6 1.3.5 1.3.4 1.3.3 1.3.2 1.3.1 1.3.0 1.2.6 1.2.5 1.2.4 1.2.3 1.2.2 1.2.1 1.2.0 1.2.0-rc.0 1.1.9 1.1.8 1.1.7 1.1.6 1.1.5 1.1.4 1.1.3 1.1.2 1.1.1 1.1.0 1.0.6 1.0.5 1.0.4 1.0.3 1.0.2 1.0.1 1.0.0 0.14.0 0.13.1 0.13.0 0.12.2 0.12.1 0.12.0 0.11.3 0.11.2 0.11.1 0.11.0 0.10.0 0.9.0 0.8.4 0.8.3 0.8.2 0.8.1 0.8.0 0.7.0 0.6.0 0.5.3 0.5.2 0.5.1 0.5.0 0.4.4 0.4.3 0.4.2 0.4.1

Compose web applications with functions

HexDocs HexPreview

Current section

3 Advisories

Jump to

Readme 115 Versions 3 Dependencies 1135 Dependants 3 Advisories Activity

GHSA-9h73-w7ch-rh73 CVE-2018-1000883

Header Injection

April 12, 2022

CVSS

6.5 / 10.0 Medium

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Versions

< 1.0.6 >= 1.1.0 and < 1.1.9 >= 1.2.0 and < 1.2.5 >= 1.3.0 and < 1.3.5

References

GHSA-5v4m-c73v-c7gq CVE-2017-1000053

Arbitrary Code Execution in Cookie Serialization

April 12, 2022

CVSS

8.1 / 10.0 High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Versions

< 1.0.4 >= 1.1.0 and < 1.1.7 >= 1.2.0 and < 1.2.3 >= 1.3.0 and < 1.3.2

References

GHSA-2q6v-32mr-8p8x CVE-2017-1000052

Null Byte Injection in Plug.Static

April 12, 2022

CVSS

7.8 / 10.0 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Versions

< 1.0.4 >= 1.1.0 and < 1.1.7 >= 1.2.0 and < 1.2.3 >= 1.3.0 and < 1.3.2

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

2 671 532

yesterday

59 411

last 7 days

316 212

all time

157 798 357

Last Updated

Dec 09, 2025

License

Apache-2.0

Build Tools

mix

Publisher

josevalim

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

plug

Checksum

Dependency Config

Package Details

Links

Owners

Search filters