CPAN Security Group

Welcome to the CPAN Security Group. This is a community effort for supporting and responding to security incidents on CPAN – the Comprehensive Perl Archive Network.

This group also cares about security-related topics around CPAN distributions, the CPAN/PAUSE infrastructure, and about tooling and the ecosystem in general. Over time, we aim to improve supply chain security, make CPAN a more secure and trustworthy publishing platform, and more.

CPANSec is the CVE Numbering Authority (CNA) for CPAN and Perl.

Learn more & Contribute

On CPAN, improving security is a volunteer-driven collaborative effort. If you care and would like to make a contribution, you can…

Resources

Recent news

CPANSec CNA and CVE FAQ

less than 1 minute read

We have added a CPANSec CNA and CVE Frequently Asked Questions (FAQ).

CNA Vulnerability to Fix and Disclosure Workflow

less than 1 minute read

We have added the CNA Vulnerability to Fix and Disclosure Workflow that describes our process from receiving vulnerability reports to vulnerability publishing.

MetaCPAN now displays security advisories

less than 1 minute read

The MetaCPAN website now displays security advisories when you view a distribution with a known security advistory on it.

More…

Recent blog posts

CPANSec: 2025 Year in Review

8 minute read & al.

CPANSec year 2025 in review: Website updates, CVEs published, conference talks held, security modules written and guidelines published.

More…