Security Reports for CPAN Authors
We have added a new guide on Security Reports for CPAN Authors.
We have added a CPANSec CNA and CVE Frequently Asked Questions (FAQ).
We have added the CNA Vulnerability to Fix and Disclosure Workflow that describes our process from receiving vulnerability reports to vulnerability publishing.
The MetaCPAN website now displays security advisories when you view a distribution that has a known security advisory.
The CPAN Security Group was authorized by the CVE Program as a CVE Numbering Authority (CNA) on Feb 25, 2025. A CNA assigns and manages CVE identifiers for p...
CVE-2024-45321: In its default configuration cpanminus uses insecure HTTP to download and install code from CPAN. This results in a CWE-494 weakness, enablin...
Between Dec 2023 and Jan 2024, vulnerabilities in Spreadsheet::ParseExcel and Spreadsheet::ParseXLSX were reported to the CPAN Security Group (CPANSec). This...
There’s a new group in the Perl + CPAN communities!