Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Ash Project

ash-project Vulnerabilities: CVEs, CISA KEV & Security Advisories

6 CVEs

ash-project Vulnerabilities

CVE security advisories and vulnerability history for ash-project.

6

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

2

Public exploits

With known exploit

6.7

Avg CVSS

2024–2026

Overview

ash-project has 6 published CVE records since 2024, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 2 have a known public exploit. The average CVSS base score across scored CVEs is 6.7.

This page aggregates every publicly disclosed vulnerability (CVE) affecting ash-project products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of ash-project's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High4

Medium1

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of ash-project's CVEs are currently listed in CISA's KEV catalog.

Public exploits

2

2 of ash-project's CVEs have a known public exploit available.

Most affected products

The ash-project products with the most published CVEs.

ash4 CVEs
ash_authentication_phoenix1 CVEs
ash framework1 CVEs
ash_postgres1 CVEs
ashpostgres1 CVEs

Common weakness types

The CWE weakness categories most often found in ash-project CVEs. Follow any weakness for its full explanation.

CWE-863Incorrect Authorization3 CVEs
CWE-400Uncontrolled Resource Consumption1 CVE
CWE-552Files or Directories Accessible to External Parties1 CVE
CWE-613Insufficient Session Expiration1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish ash-project CVE records.

EEF4 CVEs
GitHub_M2 CVEs

Disclosure activity by year

How many ash-project CVEs were published each year.

2024

1

2025

4

2026

1

Latest ash-project CVEs

The most recently disclosed vulnerabilities affecting ash-project.

Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash
CWE-400
High · CVSS 8.2
EPSS 0.0%2026-04-02
Authorization bypass when bypass policy condition evaluates to true
CWE-863
High · CVSS 8.6
EPSS 0.0%2025-10-17
Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
CWE-863
High · CVSS 8.6
EPSS 0.1%2025-10-10
Before action hooks may execute in certain scenarios despite a request being forbidden
CWE-863
High · CVSS 7.1
EPSS 0.1%2025-09-07
Missing Session Revocation on Logout in ash_authentication_phoenix
CWE-613
Low · CVSS 2.3
EPSS 0.5%2025-06-17
AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
CWE-552
Medium · CVSS 5.3
EPSS 0.1%2024-10-23

Track new ash-project CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor ash-project CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about ash-project vulnerabilities.

How many CVEs does ash-project have?

ash-project has 6 published CVE records since 2024, including 5 in the last two years.

How many ash-project CVEs are in CISA KEV?

None of ash-project's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which ash-project products have the most CVEs?

The ash-project products with the most published CVEs are ash, ash_authentication_phoenix, ash framework, ash_postgres, ashpostgres.

What are the most common weakness types in ash-project CVEs?

ash-project's CVEs most often map to these CWE weakness types: CWE-863 (Incorrect Authorization), CWE-400 (Uncontrolled Resource Consumption), CWE-552 (Files or Directories Accessible to External Parties), CWE-613 (Insufficient Session Expiration).

Are there public exploits for ash-project vulnerabilities?

Yes — 2 of ash-project's CVEs have a known public exploit.

What is the average severity of ash-project CVEs?

The average CVSS base score across ash-project's scored CVEs is 6.7.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track ash-project vulnerabilities

Monitor new ash-project vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References