Vulnerability Library
| ID | Packages | Summary | Affected versions | Published | Fix |
| --- | --- | --- | --- | --- | --- |
| HSEC-2024-0003 | Hackage/process | process: command injection via argument list on Windows | 1.0.0.0, 1.0.1.1, 1.0.1.2, 1.0.1.3, 1.0.1.4, 1.0.1.5, 1.1.0.0, ... | 2024-04-09T22:14:47Z | Fix available |
| HSEC-2024-0002 | Hackage/bzlib, Hackage/bz2, Hackage/bzlib-conduit | out-of-bounds write when there are many bzip2 selectors | 0.4, 0.4.0.1, 0.4.0.3, 0.5.0.0, 0.5.0.1, 0.5.0.2, 0.5.0.3, ... | 2024-03-11T12:26:51Z | Fix available |
| HSEC-2024-0001 | Hackage/keter | Reflected XSS vulnerability in keter | 0.3.4, 0.3.4.1, 0.3.4.2, 0.3.5, 0.3.5.1, 0.3.5.2, 0.3.5.3, ... | 2024-02-27T17:06:24Z | Fix available |
| HSEC-2023-0015 | Hackage/cabal-install | cabal-install uses expired key policies | 1.24.0.0, 1.24.0.1, 1.24.0.2, 2.0.0.0, 2.0.0.1, 2.2.0.0, 2.4.0.0, ... | 2023-11-07T03:57:00Z | Fix available |
| HSEC-2023-0014 | Hackage/pandoc | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input | 1.13, 1.13.0.1, 1.13.1, 1.13.2, 1.13.2.1, 1.14, 1.14.0.1, ... | 2023-08-22T23:08:06Z | Fix available |
| HSEC-2023-0009 | Hackage/git-annex | git-annex command injection via malicious SSH hostname | 3.20110702, 3.20110702.2, 3.20110705, 3.20110707, 3.20110819, 3.20110902, 3.20110906, ... | 2023-07-25T13:25:42Z | Fix available |
| HSEC-2023-0010 | Hackage/git-annex | git-annex private data exfiltration to compromised remote | 3.20110702, 3.20110702.2, 3.20110705, 3.20110707, 3.20110819, 3.20110902, 3.20110906, ... | 2023-07-25T13:25:42Z | Fix available |
| HSEC-2023-0011 | Hackage/git-annex | git-annex GPG decryption attack via compromised remote | 3.20110702, 3.20110702.2, 3.20110705, 3.20110707, 3.20110819, 3.20110902, 3.20110906, ... | 2023-07-25T13:25:42Z | Fix available |
| HSEC-2023-0012 | Hackage/git-annex | git-annex checksum exposure to encrypted special remotes | 3.20110702, 3.20110702.2, 3.20110705, 3.20110707, 3.20110819, 3.20110902, 3.20110906, ... | 2023-07-25T13:25:42Z | Fix available |
| HSEC-2023-0013 | Hackage/git-annex | git-annex plaintext storage of embedded credentials on encrypted remotes | 3.20110702, 3.20110702.2, 3.20110705, 3.20110707, 3.20110819, 3.20110902, 3.20110906, ... | 2023-07-25T13:25:42Z | Fix available |
| HSEC-2023-0008 | Hackage/hledger-web | Stored XSS in hledger-web | 0.24, 0.24.1, 0.25, 0.25.1, 0.26, 0.27, 1.0, ... | 2023-07-22T12:23:10Z | Fix available |
| HSEC-2023-0007 | Hackage/base, Hackage/toml-reader | readFloat: memory exhaustion with large exponent | 3.0.3.1, 3.0.3.2, 4.0.0.0, 4.1.0.0, 4.10.0.0, 4.10.1.0, 4.11.0.0, ... | 2023-07-22T02:29:32Z | Fix available |
| HSEC-2023-0006 | Hackage/x509-validation | x509-validation does not enforce pathLenConstraint | 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, ... | 2023-07-19T13:59:54Z | Fix available |
| HSEC-2023-0005 | Hackage/tls-extra | tls-extra: certificate validation does not check Basic Constraints | 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, ... | 2023-07-19T13:29:39Z | Fix available |
| HSEC-2023-0004 | Hackage/xml-conduit | xml-conduit unbounded entity expansion | 0.5.0, 0.5.0.1, 0.5.1, 0.5.1.1, 0.5.1.2, 0.5.2, 0.5.3, ... | 2023-07-18T14:37:41Z | Fix available |
| HSEC-2023-0002 | Hackage/biscuit-haskell | Improper Verification of Cryptographic Signature | 0.1.0.0, 0.1.1.0 | 2023-06-19T21:35:33Z | Fix available |
Hackage - OSV