VYPR
Vendor

Cpan Authors

Products
4
CVEs
6
Across products
6
Status
Private

Products

4

Recent CVEs

6
  • CVE-2026-7111HigApr 29, 2026
    risk 0.48cvss 8.4epss 0.00

    Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example…

  • CVE-2026-8177HigMay 10, 2026
    risk 0.42cvss 7.5epss 0.00

    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into…

  • CVE-2026-5089HigMay 12, 2026
    risk 0.40cvss 7.3epss 0.00

    YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in…

  • CVE-2025-2814MedApr 13, 2025
    risk 0.19cvss 4.0epss 0.00

    Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case,…

  • CVE-2026-4177Mar 16, 2026
    risk 0.00cvss epss 0.01

    YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the…

  • CVE-2025-11683Oct 16, 2025
    risk 0.00cvss epss 0.00

    YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex…