— Hex
EEF-CVE-2026-49757 · CVE-2026-49757, GHSA-777c-2fxx-qr28 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
Modified: 6/15/2026
package
Hex / ash_authentication
pkg:hex/ash_authentication
MEDIUM 5.3 Hex
GHSA-3988-q8q7-p787 · CVE-2025-32782 ash_authentication has email link auto-click account confirmation vulnerability
Modified: 12/10/2025
MEDIUM Hex
GHSA-qrm9-f75w-hg4c · CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Modified: 12/10/2025