OSV - Open Source Vulnerabilities

HSEC-2024-0009

Hackage/biscuit-haskell

Public key confusion in third-party blocks

01 Aug

Fix available

HSEC-2024-0003

Hackage/process

process: command injection via argument list on Windows

09 Apr

Fix available

HSEC-2024-0002

Hackage/bzlib
Hackage/bz2
Hackage/bzlib-conduit

out-of-bounds write when there are many bzip2 selectors

11 Mar

Fix available

HSEC-2024-0001

Hackage/keter

Reflected XSS vulnerability in keter

27 Feb

Fix available

HSEC-2023-0015

Hackage/cabal-install

cabal-install uses expired key policies

07 Nov 2023

Fix available

HSEC-2023-0014

Hackage/pandoc

Arbitrary file write is possible when using PDF output or --extract-media with untrusted input

22 Aug 2023

Fix available

HSEC-2023-0009

Hackage/git-annex

git-annex command injection via malicious SSH hostname

25 Jul 2023

Fix available

HSEC-2023-0010

Hackage/git-annex

git-annex private data exfiltration to compromised remote

25 Jul 2023

Fix available

HSEC-2023-0011

Hackage/git-annex

git-annex GPG decryption attack via compromised remote

25 Jul 2023

Fix available

HSEC-2023-0012

Hackage/git-annex

git-annex checksum exposure to encrypted special remotes

25 Jul 2023

Fix available

HSEC-2023-0013

Hackage/git-annex

git-annex plaintext storage of embedded credentials on encrypted remotes

25 Jul 2023

Fix available

HSEC-2023-0008

Hackage/hledger-web

Stored XSS in hledger-web

22 Jul 2023

Fix available

HSEC-2023-0007

Hackage/base
Hackage/toml-reader

readFloat: memory exhaustion with large exponent

22 Jul 2023

Fix available

HSEC-2023-0006

Hackage/x509-validation

x509-validation does not enforce pathLenConstraint

19 Jul 2023

Fix available

HSEC-2023-0005

Hackage/tls-extra

tls-extra: certificate validation does not check Basic Constraints

19 Jul 2023

Fix available

HSEC-2023-0004

Hackage/xml-conduit

xml-conduit unbounded entity expansion

18 Jul 2023

Fix available

Load more...(1 page left)