Awesome
CPAN Security Advisory Database (CPANSA)
This is a database of the security advisories for the Perl modules uploaded to CPAN.
This is a hand-picked database. If you want to be automatically notified when one of your dependencies has a security issue, check out https://kritika.io.
Sources
- metacpan.org - modules Changes files with security fixes
- CVE databases
- OS distributions security advisory feeds:
Command line checks
For command line checks take a look at CPAN-Audit package.
$ cpan-audit module Catalyst '>7.0'
Database format
Id format: CPANSA-<dist-name>-<year>-<sequence>
Database is in YAML format with a simple structure:
- id: CPANSA-Mojolicious-2008-01
distribution: Mojolicious
reported: 2011-04-05
severity: critical
description: >
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary
files via a %2f..%2f (encoded slash dot dot slash) in a URI.
cves:
- CVE-2011-1589
references:
- https://github.com/mojolicious/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818
- https://www.cvedetails.com/cve/CVE-2011-1589/
affected_versions: "< 1.16"
fixed_versions: ">= 1.16"
Maintainer
Viacheslav Tykhanovskyi (github.com/vti)
Credits
Takumi Akiyama (github.com/akiym)
Takafumi Onaka (github.com/onk)
Mala (github.com/mala)
Contribution
If you know of a security vulnerability that is not present in our database, feel free to contribute with a Pull Request. Let's make it as complete as possible!