Software Detail
Perl
Number Of NVD: 43 (CRITICAL 12, HIGH 18, MEDIUM 12, LOW 1)
URL https://www.perl.org/
Explanation Perl is an advanced, feature-rich programming language with over 30 years of development.
Perl runs on over 100 platforms, from portables to mainframes, and is suitable for both rapid prototyping and large-scale development projects.

The above text is a translation of the English version at [https://www.perl.org/about.html].

Perl has long been used for server backend scripting and also as a server-side programming language for web applications.
In recent years, other languages such as PHP and Python have come into use.

In the Perl version notation x.y.z, an even y denotes a stable release and an odd y denotes a development release.
Tag
  • Artistic License
  • Open Source

Add Information URL
No Type Name URL
1 https://www.perl.org/get.html
2 https://github.com/Perl/perl5
3 http://www.cpan.org/src/
4 https://japan.perlassociation.org/

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
1 Perl 5 5.43.5 Nov. 20, 2025 | Critical 9, High 16, Medium 11, Low 1
2 Perl 2 2.18.1 | Critical 7, High 11, Medium 4, Low 1
3 Perl 1 1.49 | Critical 7, High 12, Medium 4, Low 1
4 Perl 0 0.1 | Critical 7, High 11, Medium 4, Low 1
5 Perl - - | Critical 7, High 11, Medium 4, Low 1

NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date, Published date

1 CVE-2026-4176
CVSS3: 9.8 / CVSS2: - / Level: CRITICAL / Attack Vector: Network
Title: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl …
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.9.4, 5.41.0, 5.43.0; 5.40.4, 5.42.2, 5.43.9
Update date: 2026-04-23 02:31
Published date: 2026-03-30

2 CVE-2023-47039
CVSS3: 7.8 / CVSS2: - / Level: HIGH / Attack Vector: Local
Title: A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses…
CWE: CWE-787 (Out-of-bounds Write)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.32.1
Update date: 2024-11-21 17:29
Published date: 2024-01-2

3 CVE-2023-47038
CVSS3: 7.8 / CVSS2: - / Level: HIGH / Attack Vector: Local
Title: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap…
CWE: CWE-787 (Out-of-bounds Write)
cpe23Uri: cpe:2.3:a:perl:perl:5.34.0:*
Update date: 2024-11-21 17:29
Published date: 2023-12-18

4 CVE-2023-47100
CVSS3: 9.8 / CVSS2: - / Level: CRITICAL / Attack Vector: Network
Title: In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest af…
CWE: CWE-755 (Improper Handling of Exceptional Conditions)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.30.0, 5.38.2
Update date: 2024-11-21 17:29
Published date: 2023-12-3

5 CVE-2022-48522
CVSS3: 9.8 / CVSS2: - / Level: CRITICAL / Attack Vector: Network
Title: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
CWE: CWE-787 (Out-of-bounds Write)
cpe23Uri: cpe:2.3:a:perl:perl:5.34.0:-
Update date: 2024-11-21 16:33
Published date: 2023-08-23

6 CVE-2023-31486
CVSS3: 8.1 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
CWE: CWE-295 (Improper Certificate Validation)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.38.0
Update date: 2024-11-21 17:01
Published date: 2023-04-29

7 CVE-2023-31484
CVSS3: 8.1 / CVSS2: - / Level: HIGH / Attack Vector: Network
Title: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
CWE: CWE-295 (Improper Certificate Validation)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.38.0
Update date: 2024-11-21 17:01
Published date: 2023-04-29

8 CVE-2020-12723
CVSS3: 7.5 / CVSS2: 5.0 / Level: HIGH / Attack Vector: Network
Title: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CWE: CWE-120 (Classic Buffer Overflow)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.30.3
Update date: 2024-11-21 14:00
Published date: 2020-06-6

9 CVE-2020-10878
CVSS3: 8.6 / CVSS2: 7.5 / Level: HIGH / Attack Vector: Network
Title: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of in…
CWE: CWE-190 (Integer Overflow or Wraparound)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.30.3
Update date: 2024-11-21 13:56
Published date: 2020-06-5

10 CVE-2020-10543
CVSS3: 8.2 / CVSS2: 6.4 / Level: HIGH / Attack Vector: Network
Title: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CWE: CWE-787 (Out-of-bounds Write), CWE-190 (Integer Overflow or Wraparound)
cpe23Uri: cpe:2.3:a:perl:perl:*:*
Version bounds: 5.30.3
Update date: 2024-11-21 13:55
Published date: 2020-06-5