35 matches found

NVD
added 2026/04/27 1:16 p.m. | 2 views

CVE-2026-7040

Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for minify...

7.5 CVSS | 0.00054 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/05 2:18 a.m. | 3 views

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl use a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

5.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-2907

Malware in sbrugna...

5.1 CVSS | 6 AI score | 0.06571 EPSS
Exploits: 2 | References: 19

OSV
added 2025/07/30 10:3 a.m. | 2 views

RHSA-2025:12056 Red Hat Security Advisory: perl security update

Bulletin has no description...

5.9 CVSS | 5.9 AI score | 0.00031 EPSS
Exploits: 0 | References: 14

OSV
added 2025/07/17 2:15 p.m. | 2 views

CVE-2025-40924

Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID wil...

6.5 CVSS | 7 AI score
Exploits: 0 | References: 3

OSV
added 2025/07/16 1:15 p.m. | 3 views

CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if i...

7.3 CVSS | 7.3 AI score
Exploits: 0 | References: 5

Cvelist
added 2025/06/27 12:19 p.m. | 6 views

CVE-2025-40910 Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses

Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally usi...

0.00258 EPSS
Exploits: 0 | References: 3

OSV
added 2025/06/03 5:57 p.m. | 5 views

GO-2025-3726 IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library in github.com/google/brotli

IO::Compress::Brotli versions prior to 0.007 for Perl have an integer overflow in the bundled Brotli C library in github.com/google/brotli...

9.8 CVSS | 7.1 AI score | 0.0054 EPSS
Exploits: 0 | References: 6

OSV
added 2025/04/13 12:15 a.m. | 4 views

CVE-2025-2814

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom" is unavailable. In that case, Crypt::CBC will fall back to...

4 CVSS | 4.2 AI score
Exploits: 0 | References: 4

Positive Technologies
added 2025/04/12 12:0 a.m. | 2 views

PT-2025-16174 · Unknown +2 · Crypt::Cbc +2

Name of the Vulnerable Software and Affected Versions: Crypt::CBC versions 1.21 through 3.04 Description: The issue affects Crypt::CBC for Perl, where versions between 1.21 and 3.04 may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographi...

4 CVSS | 4.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 26

OSV
added 2025/04/09 12:0 a.m. | 2 views

DLA-4122-1 libbssolv-perl - security update

Bulletin has no description...

7.2 AI score
Exploits: 0

OSV
added 2025/04/05 4:15 p.m. | 10 views

CVE-2024-58036

Net::Dropbox::API 1.9 and earlier for Perl uses the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Specifically Net::Dropbox::API uses the Data::Random library which specifically states that it is "Useful mostly for test...

5.5 CVSS | 7 AI score
Exploits: 0 | References: 5

OSV
added 2025/03/28 1:15 a.m. | 9 views

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

7.2 AI score
Exploits: 0 | References: 3

OSV
added 2025/01/03 10:15 p.m. | 10 views

CVE-2025-22376

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong...

5.3 CVSS | 6.7 AI score
Exploits: 0 | References: 7

OSV
added 2025/01/02 5:15 a.m. | 10 views

CVE-2024-56830

The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand if no strong randomization module is present...

5.4 CVSS | 6.8 AI score
Exploits: 0 | References: 3

OSV
added 2024/09/13 3:10 p.m. | 12 views

RHSA-2019:0109 Red Hat Security Advisory: perl security update

Bulletin has no description...

8.1 CVSS | 8.8 AI score | 0.1291 EPSS
Exploits: 0 | References: 7

OSV
added 2024/04/08 12:15 a.m. | 5 views

CVE-2020-36829

The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5 CVSS | 6.6 AI score
Exploits: 0 | References: 3

OSV
added 2022/05/30 12:0 a.m. | 17 views

DLA-3035-1 libdbi-perl - security update

Bulletin has no description...

6.1 CVSS | 6.2 AI score | 0.00023 EPSS
Exploits: 1

Rockylinux
added 2022/05/17 7:19 a.m. | 11 views

new packages: perl-Software-License

An update is available for perl-Software-License. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...

2.2 AI score
Exploits: 0

OSV
added 2022/02/22 8:15 p.m. | 4 views

MGASA-2022-0078 Updated cpanminus packages fix security vulnerability

The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. CVE-2020-16154...

7.8 CVSS | 7.6 AI score | 0.00024 EPSS
Exploits: 1 | References: 3