Advisories list

The Haskell Security Advisory Database is a repository of security advisories filed against packages published via Hackage.

It is generated from the Haskell Security Advisory Database. Feel free to report new or historic security issues.

| # | Package(s) | Summary |
|---|---|---|
| HSEC-2024-0009 | biscuit-haskell | Public key confusion in third-party blocks |
| HSEC-2024-0003 | process | process: command injection via argument list on Windows |
| HSEC-2024-0002 | bzlib, bz2, bzlib-conduit | out-of-bounds write when there are many bzip2 selectors |
| HSEC-2024-0001 | keter | Reflected XSS vulnerability in keter |
| HSEC-2023-0015 | cabal-install | cabal-install uses expired key policies |
| HSEC-2023-0014 | pandoc | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input |
| HSEC-2023-0013 | git-annex | git-annex plaintext storage of embedded credentials on encrypted remotes |
| HSEC-2023-0012 | git-annex | git-annex checksum exposure to encrypted special remotes |
| HSEC-2023-0011 | git-annex | git-annex GPG decryption attack via compromised remote |
| HSEC-2023-0010 | git-annex | git-annex private data exfiltration to compromised remote |
| HSEC-2023-0009 | git-annex | git-annex command injection via malicious SSH hostname |
| HSEC-2023-0008 | hledger-web | Stored XSS in hledger-web |
| HSEC-2023-0007 | base, toml-reader | readFloat: memory exhaustion with large exponent |
| HSEC-2023-0006 | x509-validation | x509-validation does not enforce pathLenConstraint |
| HSEC-2023-0005 | tls-extra | tls-extra: certificate validation does not check Basic Constraints |
| HSEC-2023-0004 | xml-conduit | xml-conduit unbounded entity expansion |
| HSEC-2023-0003 | xmonad-contrib | code injection in xmonad-contrib |
| HSEC-2023-0002 | biscuit-haskell | Improper Verification of Cryptographic Signature |
| HSEC-2023-0001 | aeson | Hash flooding vulnerability in aeson |