— Hex
EEF-CVE-2026-47068 · CVE-2026-47068, GHSA-mrhx-6pw9-q5fh Cross-session PubSub topic injection via URL parameter in phoenix_storybook
Modified: 5/27/2026
package
Hex / phoenix_storybook
pkg:hex/phoenix_storybook
— Hex
EEF-CVE-2026-8467 · CVE-2026-8467, GHSA-55hg-8qxv-qj4p Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Modified: 5/27/2026
— Hex
EEF-CVE-2026-8469 · CVE-2026-8469, GHSA-833p-95jq-929q Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
Modified: 5/27/2026
CRITICAL Hex
GHSA-55hg-8qxv-qj4p · CVE-2026-8467, EEF-CVE-2026-8467 PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
Modified: 6/9/2026
HIGH Hex
GHSA-833p-95jq-929q · CVE-2026-8469, EEF-CVE-2026-8469 PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)
Modified: 6/9/2026
LOW Hex
GHSA-mrhx-6pw9-q5fh · CVE-2026-47068, EEF-CVE-2026-47068 PhoenixStorybook has cross-session PubSub topic injection via URL parameter
Modified: 6/9/2026