VYPR

Hackage.haskell.org

by RubyGems

CVEs (1)

  • CVE-2026-40470CriApr 23, 2026
    risk 0.64cvss 9.9epss 0.00

    A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript files provided in source packages or via the documentation upload facility were served as-is on the main hackage.haskell.org domain. As a consequence, when a user with latent HTTP…