OSV - Open Source Vulnerabilities

HSEC-2024-0004

Hackage/hackage-server

Hackage package and doc upload stored XSS vulnerability

16 Jan

Fix available
Severity - 9.9 (Critical)

HSEC-2025-0007

Hackage/cmark-gfm

cmark-gfm: resource exhaustion due to quadratic complexity in parser

27 Dec 2025

Fix available
Severity - 7.5 (High)

HSEC-2025-0006

Hackage/crypton-x509-store
Hackage/x509-store

Private key leak via inherited file descriptor

17 Nov 2025

Fix available
Severity - 5.3 (Medium)

HSEC-2023-0001

Hackage/aeson

Hash flooding vulnerability in aeson

14 Nov 2025

Fix available
Severity - 6.5 (Medium)

HSEC-2023-0002

Hackage/biscuit-haskell

Improper Verification of Cryptographic Signature

14 Nov 2025

Fix available
Severity - 9.8 (Critical)

HSEC-2023-0003

Hackage/xmonad-contrib

code injection in xmonad-contrib

14 Nov 2025

Fix available
Severity - 7.5 (High)

HSEC-2023-0004

Hackage/xml-conduit

xml-conduit unbounded entity expansion

14 Nov 2025

Fix available
Severity - 7.5 (High)

HSEC-2023-0005

Hackage/tls-extra

tls-extra: certificate validation does not check Basic Constraints

14 Nov 2025

Fix available
Severity - 9.1 (Critical)

HSEC-2023-0006

Hackage/x509-validation

x509-validation does not enforce pathLenConstraint

14 Nov 2025

Fix available
Severity - 5.7 (Medium)

HSEC-2023-0007

Hackage/base
Hackage/toml-reader

readFloat: memory exhaustion with large exponent

14 Nov 2025

Fix available
Severity - 7.5 (High)

HSEC-2023-0008

Hackage/hledger-web

Stored XSS in hledger-web

14 Nov 2025

Fix available
Severity - 5.4 (Medium)

HSEC-2023-0009

Hackage/git-annex

git-annex command injection via malicious SSH hostname

14 Nov 2025

Fix available
Severity - 8.8 (High)

HSEC-2023-0010

Hackage/git-annex

git-annex private data exfiltration to compromised remote

14 Nov 2025

Fix available
Severity - 5.9 (Medium)

HSEC-2023-0011

Hackage/git-annex

git-annex GPG decryption attack via compromised remote

14 Nov 2025

Fix available
Severity - 5.9 (Medium)

HSEC-2023-0012

Hackage/git-annex

git-annex checksum exposure to encrypted special remotes

14 Nov 2025

Fix available
Severity - 3.7 (Low)

HSEC-2023-0013

Hackage/git-annex

git-annex plaintext storage of embedded credentials on encrypted remotes

14 Nov 2025

Fix available
Severity - 8.8 (High)

Load more...(1 page left)