CVEs affecting projects tracked on Release Alert, from NVD & OSV.
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.