CPAN Security Group

Welcome to the CPAN Security Group. This is a community effort for supporting and responding to security incidents on CPAN – the Comprehensive Perl Archive Network.

This group also cares about security-related topics around CPAN distributions, the CPAN/PAUSE infrastructure, and about tooling and the ecosystem in general. Over time, we aim to improve supply chain security, make CPAN a more secure and trustworthy publishing platform, and more.

CPANSec is the CVE Numbering Authority (CNA) for CPAN and Perl.

Learn more & Contribute

On CPAN, improving security is a volunteer-driven collaborative effort. If you care and would like to make a contribution, you can…

Resources

Recent news

CPANSec Has Revised Our Default Disclosure Dates

less than 1 minute read

At the Perl Toolchain Summit in April 2026, members of the CPANSec CNA discussed disclosure periods and decided to reduce the default disclosure date (β€œembar...

CPANSec CNA and CVE FAQ

less than 1 minute read

We have added a CPANSec CNA and CVE Frequently Asked Questions (FAQ).

More…

Recent blog posts

CPANSec: 2025 Year in Review

8 minute read & al.

CPANSec year 2025 in review: Website updates, CVEs published, conference talks held, security modules written and guidelines published.

More…