Overview · elixir-plug/plug · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Plug: quadratic-time decoding of nested query/body parameters enables denial of service
GHSA-j43x-5hjq-rgxf published Jun 23, 2026 by josevalim

High
Unbounded buffer accumulation in multipart header parsing causes denial of service in Plug
GHSA-468c-vq7p-gh64 published May 14, 2026 by josevalim

High

Learn more about advisories related to elixir-plug/plug in the GitHub Advisory Database