CVE Tools

perl

OSS Librariesoss-project

36

Cumulative CVEs

21

Monthly snapshots

#45

Peak rank

Top products

dbi5 database interface2

Latest CVEs

The 15 most recently published vulnerabilities affecting perl.

CVE-2026-9698DBI versions before 1.648 for Perl saved errors in a limited-sized buffer9.8Jun 9, 2026
CVE-2026-10879DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders9.8Jun 5, 2026
CVE-2026-8376Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds9.8May 25, 2026
CVE-2026-4176Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib9.8Mar 29, 2026
CVE-2025-40909Perl threads have a working directory race condition where file operations may target unintended paths5.9May 30, 2025
CVE-2024-56406Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes8.4Apr 13, 2025
CVE-2025-1828Perl's Crypt::Random module after 1.05 and before 1.56 may use rand() function for cryptographic functions8.8Mar 10, 2025
CVE-2023-47039Perl: perl for windows binary hijacking vulnerability7.8Jan 2, 2024
CVE-2023-47038Perl: write past buffer end via illegal user-defined unicode property7.0Dec 18, 2023
CVE-2022-48522In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.9.8Aug 22, 2023
CVE-2023-31486HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.8.1Apr 28, 2023
CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.8.1Apr 28, 2023
CVE-2020-16156CPAN 2.28 allows Signature Verification Bypass.7.8Dec 13, 2021
CVE-2019-20919An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), cau...4.7Sep 17, 2020
CVE-2014-10402An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name ...6.1Sep 16, 2020