Latest #security Threads Top

brainlid
Episode 308 of Thinking Elixir. Elixir v1.20 has officially landed, marking a huge milestone as the language is now officially a graduall...
brainlid
Episode 307 of Thinking Elixir. Mark shares a bittersweet housekeeping update. The Thinking Elixir Podcast is winding down, with the fina...
brainlid
Episode 306 of Thinking Elixir. Security takes center stage this week as the EEF’s Jonatan Männchen highlights that atom exhaustion accou...
brainlid
Episode 305 of Thinking Elixir. News includes Elixir 1.20.0-rc.6 arriving as likely the final release candidate before v1.20.0 ships, com...
maennchen
:warning: Security advisory: Decimal DoS vulnerability A vulnerability has been published for decimal where very large exponents can cau...
Nicd
Following has been copied from the Erlef website: Vulnerability description Allocation of Resources Without Limits or Throttling vulnera...
brainlid
Episode 300 of Thinking Elixir. It’s Episode 300 — a milestone just under 6 years in the making! To celebrate, we kick things off with a ...
brainlid
Episode 298 of Thinking Elixir. News includes the hex.pm website getting a fresh new redesign, the Hex 2.4 package manager upgrading to O...
code-of-kai
Vet is a dependency security scanner for Elixir. It detects supply chain attacks by walking the AST of every dependency in your lock file...
eagle-head
Hi everyone, I’ve been researching Content Security Policy Level 3 support in Phoenix and wanted to share my findings and a proposal for...

This Month's Trending Top

brainlid
Episode 306 of Thinking Elixir. Security takes center stage this week as the EEF’s Jonatan Männchen highlights that atom exhaustion accou...
brainlid
Episode 307 of Thinking Elixir. Mark shares a bittersweet housekeeping update. The Thinking Elixir Podcast is winding down, with the fina...
brainlid
Episode 308 of Thinking Elixir. Elixir v1.20 has officially landed, marking a huge milestone as the language is now officially a graduall...

This Year's Trending Top

type1fool
WebAuthnLiveComponent WebAuthnComponents See this post about renaming the package. Passwordless authentication for Phoenix LiveView app...
voltone
Generates a dependency inventory, or “Software Bill-of-Materials” (SBoM), including package versions and licenses, in a format that can b...
code-of-kai
Vet is a dependency security scanner for Elixir. It detects supply chain attacks by walking the AST of every dependency in your lock file...
eagle-head
Hi everyone, I’ve been researching Content Security Policy Level 3 support in Phoenix and wanted to share my findings and a proposal for...
maennchen
:warning: Security advisory: Decimal DoS vulnerability A vulnerability has been published for decimal where very large exponents can cau...
maennchen
One package. One update. A worm crawling through the BEAM ecosystem. A dark “what if” — and how we can stop it before it’s real.
maennchen
OpenSSF Siren published a TLP:CLEAR advisory (March 1, 2026) about an ongoing attack campaign called “hackerbot-claw”. This is being expl...
engineeringdept
In 2026 double submit/session tokens are no longer necessary to prevent against CSRF attacks. Instead, we can use the Sec-Fetch-Site head...
Nicd
Following has been copied from the Erlef website: Vulnerability description Allocation of Resources Without Limits or Throttling vulnera...
AstonJ
Following on from part of the discussion in the Digital Nomads & Frequent Travellers (Tips/Advice/Chat) thread, I thought it might be...
paulsabou
Software in regulated industries must comply with: Auditability laws that require tamper-proof, long-term storage of event logs Privacy...
brainlid
Episode 300 of Thinking Elixir. It’s Episode 300 — a milestone just under 6 years in the making! To celebrate, we kick things off with a ...
dogweather
This may be a real beginner thing to be figuring out, but I’m working on both: Good security practices Phoenix module naming Here’s my...
brainlid
Episode 283 of Thinking Elixir. News includes celebrating Erlang’s 27th birthday as open source, results from the Elixir Hub 2025 survey ...
egze
Hey everyone! I just released CfBouncer, a small library that keeps your Cloudflare WAF block rules in sync with your Phoenix application...

Last Three Years' Trending Top

dokuzbir
This week I focus on web security. I read blog posts, watch videos. As far as I know ecto queries protect us from SQL injection, changeset...
paulanthonywilson
I had a bit of a mini-adventure following Sobelow’s advice on adding a CSP to a Phoenix App. If you want to follow along, or want to add ...
acrolink
I have noticed that the session cookie is not set to secure, how to turn the secure flag on for Phoenix sessions?
iarekk
Just seen this on LinkedIn, and didn’t see any threads here. Looks like a severe problem with anything running xz library (brew lists it ...
lawik
So this is something I am working on for a client I will reference as REDACTED, because they are :slight_smile: I’ve discussed it a fair...
tangui
Hi all, The last weeks I’ve been working on a library implementing the server side of WebAuthn: Wax. Link: https://github.com/tanguilp/...
realcorvus
Hi Elixir Forum, I’ve been working on Paraxial.io for a while now, and am excited to announce the beta is officially live! Here’s the an...
l3nz
You may have seen that a critical security vulnerability has been disclosed in the OTP SSH implementation that could permit an attacker t...
voltone
Erlang/OTP’s :public_key application provides a set of high-level APIs for working with common PKI-related data structures. Under the hoo...
realcorvus
“Vision for a Secure Elixir Ecosystem: An Empirical Study of Vulnerabilities in Elixir Programs” was published by the ACM in April, 2022....
akoutmos
Howdy howdy everyone! @PJUllrich and I have built our first Pro library, Phx2Ban! Phx2Ban is a web application firewall that you can ins...
zingo
I’m learning Elixir and Phoenix now and really like it so far. However I started thinking of security. What is the history of 0day-explo...
josevalim
We were notified by Panagiotis Nezis that certain payloads could take a long time to process when converted to integers. New Erlang/OTP v...
apoorv-2204
How do I set a security header for a Phoenix Elixir application? I used this plug, but it's not working. defmodule Provider.Plugs.SecurityHe...
p4d50
Hi guys, I have a question, so I’m wondering what is the best way to do this? I’m using Phoenix gen command, for generating liveview co...

Trending Over Three Years Top

griffinbyatt
Sobelow Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for g...
pggalaviz
Hi everybody, I’m working on a new API, and digging (once again, why not?) on how to provide auth capabilities to it, I found an interes...
Eiji
At start some definitions: HTTPS (is a protocol for secure communication over a computer network which is widely used on the Internet) -...
ferd
Bad news. You have to upgrade Rebar3. We just noticed that SSL validation had been partially disabled for years. I’ve written up all the...
Crowdhailer
I’m trying to set up an elixir application that uses OpenID connect for authentication. I don’t want to roll my own security so I am usin...
pedromvieira
Recently we passed a security audit for a new customer that used some security analysis tools and they pointed out some Blind SQL Injecti...
kerryb
Hi, I use sobelow to highlight potential security issues, and the latest version has started warning if no content-security-policy heade...
ASCrookes
Hello, I have recently been working with Phoenix Channels. The whole process has been incredibly straightforward so far! The one thing I...
Exadra37
Today I saw this newsletter: The interesting bit is in the clairvoyance part of the newsletter, where it reveals us a new tool to reve...
cgraham
Hello, I am trying to get an alexa skill certified by Amazon. As part of the certification process, they want the server to validate th...
marcin
Hi! How can I disable introspection in Absinthe/GraphQL? I would like the GraphQL API to respond only to defined queries and mutations,...
SpoonWood
Hello Everyone, We are using LiveView to build a feature that displays some information in the admin dashboard of our Application, but w...
arnomi
I find myself quite often in the following situation. Colleague: “Elixir/Erlang is problematic because we cannot secure the VM (i.e. Bea...
vlad.grb
Is there any way to protect and obfuscate my elixir application? Is it required at all? As I understood I can remove debug info but does ...
greysteil
I’ve been looking for an open-source database of Elixir vulnerabilities, similar to The Ruby Advisory Database, The RustSec Advisory Data...