tesla

1.18.3

1.18.3 1.18.2 1.18.1 1.18.0 1.17.0 1.16.0 1.15.3 1.15.2 1.15.1 1.15.0 1.14.3 1.14.2 1.14.1 1.14.0 1.13.2 1.13.1 1.13.0 1.12.3 1.12.2 1.12.1 1.12.0 1.11.2 1.11.1 1.11.0 1.10.3 1.10.2 1.10.1 1.10.0 1.9.0 1.8.1 retired 1.8.0 1.7.0 1.6.1 1.6.0 1.5.1 1.5.0 1.4.4 1.4.3 1.4.2 1.4.1 1.4.0 1.3.3 1.3.2 1.3.1 1.3.0 1.2.1 1.2.0 1.1.0 1.0.0 1.0.0-beta.1 0.10.0 0.9.0 0.8.0 0.7.2 0.7.1 0.7.0 0.6.0 0.5.2 0.5.1 0.5.0 0.3.6 0.3.5 0.3.4 0.3.3 0.3.2 0.3.1 0.2.2 0.2.1 0.1.5 0.1.4 0.1.3 0.1.2 0.1.1 0.1.0

HTTP client library, with support for middleware and multiple adapters.

HexDocs HexPreview

Current section

5 Advisories

Jump to

Readme 74 Versions 15 Dependencies 512 Dependants 5 Advisories Activity

EEF-CVE-2026-48596 CVE-2026-48596 GHSA-q7jx-v53g-848w

CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection

June 02, 2026

CVSS

2.1 / 10.0 Low

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Versions

>= 0.8.0 and < 1.18.3

References

EEF-CVE-2026-48594 CVE-2026-48594 GHSA-mc85-72gr-vm9f

Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression

June 02, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.6.0 and < 1.18.3

References

EEF-CVE-2026-48595 CVE-2026-48595 GHSA-9m9w-gxf7-rh8m

Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects

June 02, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Versions

>= 1.4.0 and < 1.18.3

References

EEF-CVE-2026-48597 CVE-2026-48597 GHSA-h74c-q9j7-mpcm

Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

June 02, 2026

CVSS

8.2 / 10.0 High

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 1.3.0 and < 1.18.3

References

EEF-CVE-2026-48598 CVE-2026-48598 GHSA-28jh-g32x-v9v4

CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection

June 02, 2026

CVSS

2.1 / 10.0 Low

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Affected Versions

>= 0.8.0 and < 1.18.3

References

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

yesterday

23 088

last 7 days

143 093

all time

71 652 291

Last Updated

Jun 02, 2026

License

MIT

Build Tools

mix

Publisher

alchemist_ubi

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

tesla

Checksum

Dependency Config

Package Details

Links

Owners

Search filters