{"package":"plug","ecosystem":"hex","latest_version":"1.19.2","description":"Compose web applications with functions","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/elixir-plug/plug","repository":"https://github.com/elixir-plug/plug","downloads_weekly":337293,"health":{"score":53,"risk":"high","breakdown":{"maintenance":25,"popularity":14,"security":20,"maturity":15,"community":9},"deprecated":true,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-8468","severity":"high","summary":"Unbounded buffer accumulation in multipart header parsing causes denial of service in plug","affected_versions":">=1.4.0,<1.15.4|>=1.16.0,<1.16.3|>=1.17.0,<1.17.1|>=1.18.0,<1.18.2|>=1.19.0,<1.19.2|>=c52b2f32c90bccd718202bafccb5f95594e30183,<33858427c7f2737d560a2e40a0c9a9270d77d1d7|=1.10.0|=1.10.1|=1.10.2|=1.10.3|=1.10.4|=1.11.0|=1.11.1|=1.12.0|=1.12.1|=1.13.0|=1.13.1|=1.13.2|=1.13.3|=1.13.4|=1.13.5|=1.13.6|=1.14.0|=1.14.1|=1.14.2|=1.15.0|=1.15.1|=1.15.2|=1.15.3|=1.16.0|=1.16.1|=1.16.2|=1.17.0|=1.18.0|=1.18.1|=1.19.0|=1.19.1|=1.4.0|=1.4.1|=1.4.2|=1.4.3|=1.4.4|=1.4.5|=1.5.0|=1.5.0-rc.0|=1.5.0-rc.1|=1.5.0-rc.2|=1.5.1|=1.6.0|=1.6.1|=1.6.2|=1.6.3|=1.6.4|=1.7.0|=1.7.1|=1.7.2|=1.8.0|=1.8.1|=1.8.2|=1.8.3|=1.9.0|=v1.15.3|=v1.16.2|=v1.17.0|=v1.18.1|=v1.19.1|=v1.18.0|=v1.16.1|=v1.16.0|=v1.15.2|=v1.15.1|=v1.15.0|=v1.14.2|=v1.14.1|=v1.14.0|=v1.13.5|=v1.13.4|=v1.13.3|=v1.13.2|=v1.13.1|=v1.13.0|=v1.12.1|=v1.12.0|=v1.11.1|=v1.11.0|=v1.10.3|=v1.10.2|=v1.10.1|=v1.10.0|=v1.9.0|=v1.8.2|=v1.8.1|=v1.8.0|=v1.7.2|=v1.7.1|=v1.7.0|=v1.6.1|=v1.6.0|=v1.5.1|=v1.5.0|=v1.5.0-rc.2|=v1.5.0-rc.1|=v1.4.3|=v1.5.0-rc.0|=v1.4.2|=v1.4.1|=v1.4.0|=v1.4.0-rc.0","fixed_version":"33858427c7f2737d560a2e40a0c9a9270d77d1d7","source":"osv","published_at":"2026-05-14T10:29:51.062Z","in_kev":false,"epss_prob":0.00269,"epss_percentile":0
.50775,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"1.19.2","total_count":120,"recent":["1.19.2","1.19.1","1.19.0","1.18.2","1.18.1","1.18.0","1.17.1","1.17.0","1.16.3","1.16.2","1.16.1","1.16.0","1.15.4","1.15.3","1.15.2","1.15.1","1.15.0","1.14.2","1.14.1","1.14.0"]},"metadata":{"deprecated":true,"deprecated_message":null,"maintainers_count":4,"first_published":"2014-04-23T18:58:52.000000Z","last_published":"2026-05-14T09:20:07.319120Z","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":3002,"forks":603,"open_issues":4,"is_archived":false,"pushed_at":"2026-06-12T11:47:15Z","subscribers_count":84},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"find_alternative","issues":["Moderate health score (53/100) — verify manually","1 high-severity vulnerability","Package is flagged deprecated (deprecated_message is null) — verify manually"],"use_version":"1.19.2","version_hint":"Update to a release that contains fix commit 33858427c7f2737d560a2e40a0c9a9270d77d1d7 (1.15.4, 1.16.3, 1.17.1, 1.18.2 or 1.19.2, per the affected_versions ranges) to fix the known vulnerability (CVE-2026-8468)","summary":"plug is deprecated — find an alternative"},"version_scoped":null,"_meta":{"endpoint":"check","tier":"full","philosophy":"DepScope is free. Use the cheapest endpoint that answers your real question.","cheaper_alternatives":[{"endpoint":"/api/exists/hex/plug","tokens_estimated":12,"use_when":"you only need to know if the package exists (hallucination guard)"},{"endpoint":"/api/health/hex/plug","tokens_estimated":80,"use_when":"you only need a 0-100 score for go/no-go (>=70 = safe)"},{"endpoint":"/api/prompt/hex/plug","tokens_estimated":280,"use_when":"you want a plain-text LLM-friendly brief instead of JSON"},{"endpoint":"POST /api/check_bulk","tokens_estimated":60,"use_when":"you have 5+ packages to check; sends one round-trip instead of N"}],"docs":"https://depscope.dev/integrate","hint_bulk":"You've called /api/check 14 times in 60s. Save bandwidth + tokens with POST /api/check_bulk (1 round-trip for N pkgs)."},"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":5,"active_contributors_12m":21,"primary_author_ratio":0.4897959183673469,"owner_account_age_days":3207,"is_archived":false,"stars":3000,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":3.8,"tier":"weak"},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":4434,"last_release_days_ago":30,"avg_days_between_releases":233,"release_velocity":"active"}}