Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
HSEC-2026-0007
  • Hackage/aeson
  • Hackage/text-iso8601
 Denial of Service and Memory Exhaustion in aeson and text-iso8601 22 May
  • Fix available
  • Severity - 7.5 (High)
HSEC-2026-0006
  • Hackage/Cabal
 Cabal deletes project source files during configure 08 Apr
  • No fix available
  • Severity - 5.5 (Medium)
HSEC-2026-0004
  • Hackage/hackage-server
 Hackage package metadata stored XSS vulnerability 28 Mar
  • No fix available
  • Severity - 9.9 (Critical)
HSEC-2026-0002
  • Hackage/hackage-server
 Hackage CSRF vulnerability 28 Mar
  • No fix available
  • Severity - 9.6 (Critical)
HSEC-2024-0004
  • Hackage/hackage-server
 Hackage package and doc upload stored XSS vulnerability 16 Jan
  • Fix available
  • Severity - 9.9 (Critical)
HSEC-2025-0007
  • Hackage/cmark-gfm
 cmark-gfm: resource exhaustion due to quadratic complexity in parser 27 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
HSEC-2025-0006
  • Hackage/crypton-x509-store
  • Hackage/x509-store
 Private key leak via inherited file descriptor 17 Nov 2025
  • Fix available
  • Severity - 5.3 (Medium)
HSEC-2023-0001
  • Hackage/aeson
 Hash flooding vulnerability in aeson 14 Nov 2025
  • Fix available
  • Severity - 6.5 (Medium)
HSEC-2023-0002
  • Hackage/biscuit-haskell
 Improper Verification of Cryptographic Signature 14 Nov 2025
  • Fix available
  • Severity - 9.8 (Critical)
HSEC-2023-0003
  • Hackage/xmonad-contrib
 code injection in xmonad-contrib 14 Nov 2025
  • Fix available
  • Severity - 7.5 (High)
HSEC-2023-0004
  • Hackage/xml-conduit
 xml-conduit unbounded entity expansion 14 Nov 2025
  • Fix available
  • Severity - 7.5 (High)
HSEC-2023-0005
  • Hackage/tls-extra
 tls-extra: certificate validation does not check Basic Constraints 14 Nov 2025
  • Fix available
  • Severity - 9.1 (Critical)
HSEC-2023-0006
  • Hackage/x509-validation
 x509-validation does not enforce pathLenConstraint 14 Nov 2025
  • Fix available
  • Severity - 5.7 (Medium)
HSEC-2023-0007
  • Hackage/base
  • Hackage/toml-reader
 readFloat: memory exhaustion with large exponent 14 Nov 2025
  • Fix available
  • Severity - 7.5 (High)
HSEC-2023-0008
  • Hackage/hledger-web
 Stored XSS in hledger-web 14 Nov 2025
  • Fix available
  • Severity - 5.4 (Medium)
HSEC-2023-0009
  • Hackage/git-annex
 git-annex command injection via malicious SSH hostname 14 Nov 2025
  • Fix available
  • Severity - 8.8 (High)
Load more...(1 page left)