Security Reports for CPAN Authors
We have added a new guide on Security Reports for CPAN Authors.
Welcome to the CPAN Security Group. This is a community effort for supporting and responding to security incidents on CPAN β the Comprehensive Perl Archive Network.
This group also cares about security-related topics around CPAN distributions, the CPAN/PAUSE infrastructure, and about tooling and the ecosystem in general. Over time, we aim to improve supply chain security, make CPAN a more secure and trustworthy publishing platform, and more.
CPANSec is the CVE Numbering Authority (CNA) for CPAN and Perl.
On CPAN, improving security is a volunteer-driven collaborative effort. If you care and would like to make a contribution, you canβ¦
We have added a new guide on Security Reports for CPAN Authors.
We have added a CPANSec CNA and CVE Frequently Asked Questions (FAQ).
We have added the CNA Vulnerability to Fix and Disclosure Workflow that describes our process from receiving vulnerability reports to vulnerability publishing.
The MetaCPAN website now displays security advisories when you view a distribution with a known security advistory on it.
There is no official specification or request for comments⦠A side-effect is that the security is often overlooked.
The end of cpan.org email forwarding
CPANSec year 2025 in review: Website updates, CVEs published, conference talks held, security modules written and guidelines published.
The 2-argument open function is insecure