Packages

decimal

2.3.0

2.3.0 0.1.0 0.0.2 0.0.1

Arbitrary precision decimal arithmetic.

Security advisory: This version has known vulnerabilities. View advisories

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 4 Versions 0 Dependencies 103 Dependants 1 Advisory Activity

EEF-CVE-2026-32686 CVE-2026-32686 GHSA-rhv4-8758-jx7v

Unbounded exponent in decimal enables unauthenticated DoS

May 07, 2026

CVSS

6.9 / 10.0 Medium

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.1.0 and < 3.0.0

References

https://cna.erlef.org/cves/CVE-2026-32686.html
https://github.com/ericmj/decimal
https://github.com/ericmj/decimal/commit/6a523f3a73b8c9974540e21c7aa88f1258bb35ae
https://github.com/ericmj/decimal/releases/tag/v3.0.0
https://github.com/ericmj/decimal/security/advisories/GHSA-rhv4-8758-jx7v
https://hex.pm/packages/decimal
https://nvd.nist.gov/vuln/detail/CVE-2026-32686
https://osv.dev/vulnerability/EEF-CVE-2026-32686

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

yesterday

last 7 days

all time

1 457 000

Last Updated

Sep 19, 2025

License

Apache-2.0

Build Tools

mix

Publisher

eric

Owners

eric

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

decimal

Checksum

Dependency Config

Package Details

Links

Owners

Search filters