Phoenixframework Phoenix vulnerabilities
3 known vulnerabilities affecting phoenixframework/phoenix.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2017-1000163 | P3 | MEDIUM | CVSS 6.1 | CWE-601 | PoC | v1.0.0, v1.0.1, +13 more | 2017-11-17
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
GHSA | NVD | OSV
CVE-2026-32689 | P3 | HIGH | CVSS 8.7 | CWE-770 | ≥ 1.7.0, < 1.7.22; ≥ 1.8.0, < 1.8.6; +1 more | 2026-05-05
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling.
In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson, the request body is split on newline characters using
GHSA | NVD
CVE-2022-42975 | P3 | HIGH | CVSS 7.5 | CWE-863 | fixed in 1.6.14 | 2022-10-17
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
GHSA | NVD | OSV