OSV - Open Source Vulnerabilities

HSEC-2024-0003

Hackage/process

process: command injection via argument list on Windows

1.0.0.0
1.0.1.1
1.0.1.2
1.0.1.3
1.0.1.4
1.0.1.5
1.1.0.0
...

2024-04-09T22:14:47Z

Fix available

HSEC-2024-0002

Hackage/bzlib
Hackage/bz2
Hackage/bzlib-conduit

out-of-bounds write when there are many bzip2 selectors

0.4
0.4.0.1
0.4.0.3
0.5.0.0
0.5.0.1
0.5.0.2
0.5.0.3
...

2024-03-11T12:26:51Z

Fix available

HSEC-2024-0001

Hackage/keter

Reflected XSS vulnerability in keter

0.3.4
0.3.4.1
0.3.4.2
0.3.5
0.3.5.1
0.3.5.2
0.3.5.3
...

2024-02-27T17:06:24Z

Fix available

HSEC-2023-0015

Hackage/cabal-install

cabal-install uses expired key policies

1.24.0.0
1.24.0.1
1.24.0.2
2.0.0.0
2.0.0.1
2.2.0.0
2.4.0.0
...

2023-11-07T03:57:00Z

Fix available

HSEC-2023-0014

Hackage/pandoc

Arbitrary file write is possible when using PDF output or --extract-media with untrusted input

1.13
1.13.0.1
1.13.1
1.13.2
1.13.2.1
1.14
1.14.0.1
...

2023-08-22T23:08:06Z

Fix available

HSEC-2023-0009

Hackage/git-annex

git-annex command injection via malicious SSH hostname

3.20110702
3.20110702.2
3.20110705
3.20110707
3.20110819
3.20110902
3.20110906
...

2023-07-25T13:25:42Z

Fix available

HSEC-2023-0010

Hackage/git-annex

git-annex private data exfiltration to compromised remote

3.20110702
3.20110702.2
3.20110705
3.20110707
3.20110819
3.20110902
3.20110906
...

2023-07-25T13:25:42Z

Fix available

HSEC-2023-0011

Hackage/git-annex

git-annex GPG decryption attack via compromised remote

3.20110702
3.20110702.2
3.20110705
3.20110707
3.20110819
3.20110902
3.20110906
...

2023-07-25T13:25:42Z

Fix available

HSEC-2023-0012

Hackage/git-annex

git-annex checksum exposure to encrypted special remotes

3.20110702
3.20110702.2
3.20110705
3.20110707
3.20110819
3.20110902
3.20110906
...

2023-07-25T13:25:42Z

Fix available

HSEC-2023-0013

Hackage/git-annex

git-annex plaintext storage of embedded credentials on encrypted remotes

3.20110702
3.20110702.2
3.20110705
3.20110707
3.20110819
3.20110902
3.20110906
...

2023-07-25T13:25:42Z

Fix available

HSEC-2023-0008

Hackage/hledger-web

Stored XSS in hledger-web

0.24
0.24.1
0.25
0.25.1
0.26
0.27
1.0
...

2023-07-22T12:23:10Z

Fix available

HSEC-2023-0007

Hackage/base
Hackage/toml-reader

readFloat: memory exhaustion with large exponent

3.0.3.1
3.0.3.2
4.0.0.0
4.1.0.0
4.10.0.0
4.10.1.0
4.11.0.0
...

2023-07-22T02:29:32Z

Fix available

HSEC-2023-0006

Hackage/x509-validation

x509-validation does not enforce pathLenConstraint

1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
...

2023-07-19T13:59:54Z

Fix available

HSEC-2023-0005

Hackage/tls-extra

tls-extra: certificate validation does not check Basic Constraints

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
...

2023-07-19T13:29:39Z

Fix available

HSEC-2023-0004

Hackage/xml-conduit

xml-conduit unbounded entity expansion

0.5.0
0.5.0.1
0.5.1
0.5.1.1
0.5.1.2
0.5.2
0.5.3
...

2023-07-18T14:37:41Z

Fix available

HSEC-2023-0002

Hackage/biscuit-haskell

Improper Verification of Cryptographic Signature

0.1.0.0
0.1.1.0

2023-06-19T21:35:33Z

Fix available

Load more...(1 page left)

Vulnerability Library