VYPR

npm package

@marko/runtime-tags

pkg:npm/%40marko/runtime-tags

Vulnerabilities (1)

  • CVE-2026-41591MedMay 8, 2026
    affected < 6.0.164fixed 6.0.164

    Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used