Is cowboy safe to use?

cowboy has 1 known vulnerabilities on the latest version (2.16.1). DepScope rates its health at 54/100 (high risk).

What is the latest version of cowboy?

The latest version of cowboy is 2.16.1, released 2026-06-11.

Does cowboy have known vulnerabilities?

Yes. cowboy has 1 known vulnerabilities. See depscope.dev/pkg/hex/cowboy for details.

What are alternatives to cowboy?

DepScope has no curated alternatives for cowboy at this time.

cowboy

hexv2.16.1deprecated

Small, fast, modern HTTP server.

License ISCpermissive33 versions3 maintainers0 deps297,658 weekly dl

ninenines/cowboy

/ 100

Health

find alternative

cowboy is deprecated — find an alternative

Update to >= 5c6a2061b41bb5771c4659fac7d5a822dca5bafb to fix known vulnerabilities

Moderate health score (54/100) — verify manually
1 high severity vulnerabilities
Package is deprecated

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

20/25

security

15/15

maturity

10/15

community

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2026-8466	Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy	5c6a2061b41bb5771c4659fac7d5a822dca5bafb

OSS Scorecard

OpenSSF security posture score

3.0/10

weak

Maintainer trust

Active maintainers (3m)

1

Contributors (12m)

4

Primary author dominance

85%

GitHub stars

7,487

single active maintainer 3m

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/hex/cowboy

First published · 2014-08-01T16:10:58.000000Z

Last updated · 2026-06-11T09:03:07.395575Z