postgrex

0.1.0

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse c...

HexDocs HexPreview

Current section

1 Advisory

Jump to

Readme 3 Versions 1 Dependency 101 Dependants 1 Advisory Activity

EEF-CVE-2026-32687 CVE-2026-32687 GHSA-r73h-97w8-m54h

SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

May 12, 2026

CVSS

7.5 / 10.0 High

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Versions

>= 0.16.0 and < 0.22.2

References

https://cna.erlef.org/cves/CVE-2026-32687.html
https://github.com/elixir-ecto/ecto
https://github.com/elixir-ecto/ecto/security/advisories/GHSA-r73h-97w8-m54h
https://github.com/elixir-ecto/postgrex/commit/7cdedbd4316bb65f82e6a9a4f922c0ac491cb770
https://hex.pm/packages/postgrex
https://nvd.nist.gov/vuln/detail/CVE-2026-32687
https://osv.dev/vulnerability/EEF-CVE-2026-32687

Checksum

Dependency Config

mix.exs

rebar.config

Gleam

erlang.mk

Package Details

Downloads Last 30 days, all versions

this version

1 457 000

yesterday

last 7 days

all time

1 457 000

Last Updated

Oct 13, 2018

License

Apache 2.0

Build Tools

mix

Owners

eric
jose

Operator	Description	Example
name:	Match package name. Supports * wildcards and repo/package form	name:phx* or name:hexpm/phoenix
description:	Full-text search of package descriptions	description:auth
depends:	Packages depending on a given package. Supports repo:package form	depends:ecto or depends:hexpm:ecto
build_tool:	Filter by build tool	build_tool:mix
updated_after:	Packages updated after an ISO8601 datetime	updated_after:2025-01-01T00:00:00Z
extra:	Match custom metadata (key,value). Nested keys are separated by commas	extra:license,MIT

postgrex

Checksum

Dependency Config

Package Details

Links

Owners

Search filters