SafeBinaryToTerm flags `Plug.Crypto.non_executable_binary_to_term/2` calls that omit the `:safe` option. Decoding attacker-controlled input without `:safe` interns arbitrary atoms and can exhaust the atom table, crashing the node.
github.com/Jump-App/cre...
