Advisories list

The Haskell Security Advisory Database is a repository of security advisories filed against packages published via Hackage.

It is generated from Haskell Security Advisory Database. Feel free to report new or historic security issues.

aeson

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0001 | 0.4.0.0 | 2.0.1.0 | Hash flooding vulnerability in aeson |

base

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0007 | 3.0.3.1 | | readFloat: memory exhaustion with large exponent |

biscuit-haskell

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0009 | 0.3.0.0 | 0.4.0.0 | Public key confusion in third-party blocks |
| HSEC-2023-0002 | 0.1.0.0 | 0.2.0.0 | Improper Verification of Cryptographic Signature |

bz2

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0002 | 0.1.0.0 | 1.0.1.1 | out-of-bounds write when there are many bzip2 selectors |

bzlib

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0002 | 0.4 | 0.5.2.0 | out-of-bounds write when there are many bzip2 selectors |

bzlib-conduit

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0002 | 0.1.0.0 | 0.3.0.3 | out-of-bounds write when there are many bzip2 selectors |

cabal-install

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0015 | 1.24.0.0 | 3.10.2.0 | cabal-install uses expired key policies |

git-annex

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0013 | 0.20110401 | 5.20140919 | git-annex plaintext storage of embedded credentials on encrypted remotes |
| HSEC-2023-0012 | 0.20110417 | 6.20160419 | git-annex checksum exposure to encrypted special remotes |
| HSEC-2023-0011 | 0.20110417 | 6.20180626 | git-annex GPG decryption attack via compromised remote |
| HSEC-2023-0010 | 0.1 | 6.20180626 | git-annex private data exfiltration to compromised remote |
| HSEC-2023-0009 | 0.1 | 6.20170818 | git-annex command injection via malicious SSH hostname |

hledger-web

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0008 | 0.24 | 1.23 | Stored XSS in hledger-web |

keter

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0001 | 0.3.4 | 1.8.4 | Reflected XSS vulnerability in keter |

pandoc

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0014 | 1.13 | 3.1.4 | Arbitrary file write is possible when using PDF output or --extract-media with untrusted input |

process

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2024-0003 | 1.0.0.0 | 1.6.23.0 | process: command injection via argument list on Windows |

tls-extra

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0005 | 0.1.0 | 0.4.6.1 | tls-extra: certificate validation does not check Basic Constraints |

toml-reader

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0007 | 0.1.0.0 | 0.2.0.0 | readFloat: memory exhaustion with large exponent |

x509-validation

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0006 | 1.4.0 | 1.4.8 | x509-validation does not enforce pathLenConstraint |

xml-conduit

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0004 | 0.5.0 | 1.9.1.0 | xml-conduit unbounded entity expansion |

xmonad-contrib

| # | Introduced | Fixed | Summary |
|---|---|---|---|
| HSEC-2023-0003 | 0.5 | 0.11.2 | code injection in xmonad-contrib |