ash has 3 known vulnerabilities on the latest version (3.24.3). DepScope rates its health at 37/100 (critical risk).

What is the latest version of ash?

The latest version of ash is 3.24.3, released 2026-04-17.

Does ash have known vulnerabilities?

Yes. ash has 3 known vulnerabilities. See depscope.dev/pkg/hex/ash for details.

What are alternatives to ash?

DepScope has no curated alternatives for ash at this time.

ash

hexv3.24.3deprecated

A declarative, extensible framework for building Elixir applications.

License MITpermissive867 versions1 maintainers0 deps11,741 weekly dl

ash-project/ash

/ 100

Health

find alternative

ash is deprecated — find an alternative

Update to >= 8b83efa225f657bfc3656ad8ee8485f9b2de923d to fix known vulnerabilities

Low health score (37/100)
3 high severity vulnerabilities
Package is deprecated

Health breakdown0 – 100

25/25

maintenance

10/20

popularity

10/25

security

15/15

maturity

7/15

community

Vulnerabilities

3 high

Advisories (3)

Severity	ID	Summary	Fixed in
high	CVE-2025-48042	Before action hooks may execute in certain scenarios despite a request being forbidden	5d1b6a5d00771fd468a509778637527b5218be9a
high	CVE-2025-48043	Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization	66d81300065b970da0d2f4528354835d2418c7ae
high	CVE-2025-48044	Authorization bypass when bypass policy condition evaluates to true	8b83efa225f657bfc3656ad8ee8485f9b2de923d

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/hex/ash

First published · 2019-12-04T15:25:31.904973Z

Last updated · 2026-04-17T12:53:25.590419Z

ash