OSV - Open Source Vulnerabilities

HSEC-2025-0004

Hackage/spacecookie

Broken Path Sanitization in spacecookie Library

06 May

Fix available

HSEC-2025-0003

Hackage/xz-clib

Use after free in multithreaded lzma (.xz) decoder

03 Apr

Fix available

HSEC-2025-0002

Hackage/cryptonite
Hackage/crypton

Double Public Key Signing Function Oracle Attack on Ed25519

03 Apr

Fix available

HSEC-2024-0006

Hackage/base

fromIntegral: conversion error

20 Mar

Fix available

HSEC-2024-0009

Hackage/biscuit-haskell

Public key confusion in third-party blocks

01 Aug 2024

Fix available

HSEC-2024-0003

Hackage/process

process: command injection via argument list on Windows

09 Apr 2024

Fix available

HSEC-2024-0002

Hackage/bzlib
Hackage/bz2
Hackage/bzlib-conduit

out-of-bounds write when there are many bzip2 selectors

11 Mar 2024

Fix available

HSEC-2024-0001

Hackage/keter

Reflected XSS vulnerability in keter

27 Feb 2024

Fix available

HSEC-2023-0015

Hackage/cabal-install

cabal-install uses expired key policies

07 Nov 2023

Fix available

HSEC-2023-0014

Hackage/pandoc

Arbitrary file write is possible when using PDF output or --extract-media with untrusted input

22 Aug 2023

Fix available

HSEC-2023-0009

Hackage/git-annex

git-annex command injection via malicious SSH hostname

25 Jul 2023

Fix available

HSEC-2023-0010

Hackage/git-annex

git-annex private data exfiltration to compromised remote

25 Jul 2023

Fix available

HSEC-2023-0011

Hackage/git-annex

git-annex GPG decryption attack via compromised remote

25 Jul 2023

Fix available

HSEC-2023-0012

Hackage/git-annex

git-annex checksum exposure to encrypted special remotes

25 Jul 2023

Fix available

HSEC-2023-0013

Hackage/git-annex

git-annex plaintext storage of embedded credentials on encrypted remotes

25 Jul 2023

Fix available

HSEC-2023-0008

Hackage/hledger-web

Stored XSS in hledger-web

22 Jul 2023

Fix available

Load more...(1 page left)