CPAN Security Group

A forum for coordinating and help resolving security issues on CPAN. CVE Numbering Authority (CNA) for Perl and CPAN. Subscribe, contribute or join!

CPANSec Blog Posts

CPANSec: 2025 Year in Review

January 31, 2026 8 minute read CPANSec Contributors & al.

CPANSec year 2025 in review: Website updates, CVEs published, conference talks held, security modules written and guidelines published.

Are you still using the 2-argument open?

June 6, 2025 1 minute read Robert Rothenberg

The 2-argument open function is insecure

CPANSec retrospective 2024

March 12, 2025 6 minute read Thibault Duponchelle

Here is the CPANSec 2024 Retrospective

Add a security policy to your distributions

January 5, 2025 1 minute read Robert Rothenberg

Adding a SECURITY or SECURITY.md file to your Perl distributions will let people know how to contact the maintainers if they find a security issue with your ...

CPAN Author’s Guide to Random Data for Security

January 3, 2025 less than 1 minute read Robert Rothenberg

Any secret token that allows someone to access a resource or perform an action should be generated with a secure random number generator…

Please keep your information up-to-date

December 31, 2024 less than 1 minute read Robert Rothenberg

Some end of year reminders for CPAN Authors: Do all of your modules have up-to-date contact information?