Announcing the April Task Force
A project for strengthening the CPAN CNA function, and more.
Welcome to the CPAN Security Group. This is a community effort for supporting and responding to security incidents on CPAN β the Comprehensive Perl Archive Network.
This group also cares about security-related topics around CPAN distributions, the CPAN/PAUSE infrastructure, and about tooling and the ecosystem in general. Over time, we aim to improve supply chain security, make CPAN a more secure and trustworthy publishing platform, and more.
CPANSec is the CVE Numbering Authority (CNA) for CPAN and Perl.
On CPAN, improving security is a volunteer-driven collaborative effort. If you care and would like to make a contribution, you canβ¦
A project for strengthening the CPAN CNA function, and more.
At the Perl Toolchain Summit in April 2026, members of the CPANSec CNA discussed disclosure periods and decided to reduce the default disclosure date (βembar...
We have added a new guide on Security Reports for CPAN Authors.
We have added a CPANSec CNA and CVE Frequently Asked Questions (FAQ).
There is no official specification or request for comments⦠A side-effect is that the security is often overlooked.
The end of cpan.org email forwarding
CPANSec year 2025 in review: Website updates, CVEs published, conference talks held, security modules written and guidelines published.
The 2-argument open function is insecure