CPAN Security Advisory Database

CPAN Security Advisory Database (CPANSA)

This is a database of the security advisories for the Perl modules uploaded to CPAN.

This is a hand-picked database. If you want to be automatically notified when one of your dependencies has a security issue, check out


Command line checks

For command-line checks, take a look at the CPAN-Audit package.

$ cpan-audit module Catalyst '>7.0'

Database format

Id format: CPANSA-<dist-name>-<year>-<sequence>

The database is in YAML format with a simple structure:

- id: CPANSA-Mojolicious-2008-01
  distribution: Mojolicious
  reported: 2011-04-05
  severity: critical
  description: >
    Directory traversal vulnerability in Mojolicious before 1.16 allows remote attackers to read arbitrary
    files via a %2f..%2f (encoded slash dot dot slash) in a URI.
    - CVE-2011-1589
  affected_versions: "< 1.16"
  fixed_versions: ">= 1.16"
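
The following is an added example, not code from CPANSA or CPAN-Audit: it validates an advisory id against the format above and tests an installed version against `affected_versions`. It assumes single-clause ranges and plain decimal versions as in the sample record, compared numerically so that 1.2 counts as newer than 1.16; all function names are hypothetical.

```python
import operator
import re
from decimal import Decimal

# Dist names may contain hyphens (e.g. HTTP-Tiny), so the year and the
# sequence number are anchored at the end of the id.
ID_RE = re.compile(r"^CPANSA-(?P<dist>.+)-(?P<year>\d{4})-(?P<seq>\d+)$")
RANGE_RE = re.compile(r"^\s*(<=|>=|==|!=|<|>)\s*(\S+)\s*$")
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

# Constructed from the sample record shown on this page.
SAMPLE = {
    "id": "CPANSA-Mojolicious-2008-01",
    "distribution": "Mojolicious",
    "affected_versions": "< 1.16",
    "fixed_versions": ">= 1.16",
}

def parse_id(advisory_id):
    """Split CPANSA-<dist-name>-<year>-<sequence> into its three parts."""
    m = ID_RE.match(advisory_id)
    if not m:
        raise ValueError(f"malformed advisory id: {advisory_id!r}")
    return m["dist"], int(m["year"]), int(m["seq"])

def decimal_version(text):
    """Parse a plain decimal version; other forms are rejected, not guessed."""
    if not re.fullmatch(r"\d+(\.\d+)?", text):
        raise ValueError(f"unsupported version form: {text!r}")
    return Decimal(text)

def in_range(version, spec):
    """Evaluate one '<op> <version>' clause (assumption: a single clause)."""
    m = RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"unsupported range: {spec!r}")
    return OPS[m[1]](decimal_version(version), decimal_version(m[2]))

def is_affected(record, installed):
    """True if `installed` falls inside the record's affected range."""
    dist, _, _ = parse_id(record["id"])
    if dist != record["distribution"]:
        raise ValueError("id and distribution fields disagree")
    return in_range(installed, record["affected_versions"])

if __name__ == "__main__":
    for v in ("1.09", "1.15", "1.16", "1.2"):
        print(v, "affected" if is_affected(SAMPLE, v) else "not affected")
```

A component-wise comparison would wrongly report 1.2 as affected by `< 1.16`, which is why the example compares decimal versions as numbers.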


Viacheslav Tykhanovskyi

Takumi Akiyama


If you know of a security vulnerability that is not present in our database, feel free to contribute with a Pull Request. Let's make it as complete as possible!