Phenixdigital Phoenix Storybook vulnerabilities
3 known vulnerabilities affecting phenixdigital/phoenix_storybook.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, LOW 1
Vulnerabilities
CVE-2026-8467 (P2, CRITICAL, CVSS 9.5, CWE-94)
Affected versions: ≥ 0.5.0, < 1.1.0
Affected commits: ≥ e35379dfe2ef1a71b141899e36f431017c55265d, < 56ab8464d4375fa52db806148a06cce126ad481d
Date: 2026-05-20
Code Injection vulnerability in phenixdigital phoenix_storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation.
The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle_event/3 accepts arbitrary attribute names and values from unauth
Sources: GHSA, NVD
CVE-2026-8469 (P3, HIGH, CVSS 8.2, CWE-770)
Affected versions: ≥ 0.2.0, < 1.1.0
Affected commits: ≥ 0228669d55c23a754d1ef11f49a32121129d5395, < 96d524690af0fe197a49f60d18e564a620b9ef81
Date: 2026-05-20
Allocation of Resources Without Limits or Throttling vulnerability in phenixdigital phoenix_storybook allows unauthenticated denial-of-service via BEAM atom table exhaustion.
Multiple LiveView event handlers convert user-supplied event parameter strings to atoms using String.to_atom/1 without validation: 'Elixir.PhoenixStorybook.ExtraAssignsHelpers':ha
Sources: GHSA, NVD
CVE-2026-47068 (P4, LOW, CVSS 2.3, CWE-639)
Affected versions: ≥ 0.4.0, < 1.1.0
Affected commits: ≥ 8c2c97b0f505780fee4069988bf86736f51d35d7, < 6ee03f1c738d4436dde1b066cf65c80663d489f5
Date: 2026-05-20
Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenix_storybook allows cross-session PubSub topic injection via a URL query parameter.
'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handle_params/3 in lib/phoenix_storybook/live/story/component_iframe_live.ex reads a PubSub topic directly from params["topic"] and
Sources: GHSA, NVD