Date Index - January 2026 - CPANSec CVE announcements

06 Jan 2026 00:31 UTC	CVE-2025-15444: Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium	Timothy Legge
19 Jan 2026 02:56 UTC	CVE-2026-0943: HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled library with a null pointer dereference vulnerability	Stig Palmquist