23 matches found

EUVD
added 2026/04/23 6:33 p.m. · 1 views

EUVD-2026-25235

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

CVSS 9.9 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 2

NVD
added 2026/04/23 4:16 p.m. · 3 views

CVE-2026-40472

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

CVSS 9.9 · EPSS 0.00059
Exploits 0 · References 1

Vulnrichment
added 2026/04/23 3:0 p.m. · 0 views

CVE-2026-40472 Hackage package metadata stored XSS vulnerability

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

CVSS 9.9 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 1

Cvelist
added 2026/04/23 3:0 p.m. · 24 views

CVE-2026-40472 Hackage package metadata stored XSS vulnerability

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

CVSS 9.9 · EPSS 0.00059
Exploits 0 · References 1

CVE
added 2026/04/23 3:0 p.m. · 10 views

CVE-2026-40472

The CVE-2026-40472 affects the Hackage Haskell server (hackage-server). It enables stored XSS by injecting user-controlled metadata from .cabal files that is rendered into HTML href attributes without proper sanitization. The underlying issue is unsanitized rendering of certain metadata fields (e...

CVSS 9.9 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 1

ATTACKERKB
added 2026/04/23 3:0 p.m. · 0 views

CVE-2026-40472

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks...

CVSS 9.9 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 2

OSV
added 2026/03/28 4:5 p.m. · 2 views

HSEC-2026-0004 Hackage package metadata stored XSS vulnerability

Hackage package metadata stored XSS vulnerability. User-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks. The specific fields affected are: - homepage - bug-reports - source-repository.locatio...

CVSS 9.9 · AI score 5.8 · EPSS 0.00059
Exploits 0 · References 1

OSV
added 2025/11/14 2:45 p.m. · 23 views

HSEC-2023-0015 cabal-install uses expired key policies

cabal-install uses expired key policies. A problem was recently discovered in cabal-install's implementation of the Hackage Security protocol that would allow an attacker who was in possession of a revoked private key and who could perform a man-in-the-middle attack against Hackage to use the...

AI score 7
Exploits 0 · References 2

OSV
added 2025/11/14 2:45 p.m. · 2 views

HSEC-2025-0005 cabal-install dependency confusion

cabal-install dependency confusion. For cabal-install 3.4.0.0 and where multiple repositories are configured, the resolver picks the highest available version across all repositories. Where a package is only defined in a private repository, this behaviour leads to a dependency confusion [blog] supply...

AI score 6.9
Exploits 0 · References 1

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-8533 Malicious code in @malware-test-cabal-setae-fried-gulag/test-mlw3-cabal-setae-fried-gulag (npm)

The package @malware-test-cabal-setae-fried-gulag/test-mlw3-cabal-setae-fried-gulag was found to contain malicious code...

AI score 7.2
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 2 views

Malicious code in @malware-test-cabal-setae-fried-gulag/test-mlw3-cabal-setae-fried-gulag (npm)

The package @malware-test-cabal-setae-fried-gulag/test-mlw3-cabal-setae-fried-gulag was found to contain malicious code...

AI score 7
Exploits 0

Positive Technologies
added 2025/07/13 12:0 a.m. · 1 views

PT-2025-30608 · Hackage · Cabal-Install

cabal-install dependency confusion. For cabal-install 3.4.0.0 and where multiple repositories are configured, the resolver picks the highest available version across all repositories. Where a package is only defined in a private repository, this behaviour leads to a dependency confusion [blog] supply...

AI score 7
Exploits 0 · References 5

OpenVAS
added 2022/03/27 12:0 a.m. · 7 views

Fedora: Security Advisory for cabal-rpm (FEDORA-2022-0b216519ff)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

Fedora
added 2022/03/26 3:52 p.m. · 18 views

[SECURITY] Fedora 36 Update: cabal-rpm-2.0.11-1.fc36

This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...

AI score 7.6
Exploits 0

Fedora
added 2022/03/23 12:1 a.m. · 17 views

[SECURITY] Fedora 34 Update: cabal-rpm-2.0.11-1.fc34

This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...

AI score 7.6
Exploits 0

OpenVAS
added 2022/03/23 12:0 a.m. · 9 views

Fedora: Security Advisory for cabal-rpm (FEDORA-2022-78559f99a9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

OpenVAS
added 2022/03/23 12:0 a.m. · 6 views

Fedora: Security Advisory for cabal-rpm (FEDORA-2022-429861c39a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

Fedora
added 2022/03/22 11:46 p.m. · 13 views

[SECURITY] Fedora 35 Update: cabal-rpm-2.0.11-1.fc35

This package provides a RPM packaging tool for Haskell Cabal-based packages. cabal-rpm has commands to generate a RPM spec file and srpm for a package. It can rpmbuild packages, yum/dnf install their dependencies, prep packages, and install them. There are commands to list package dependencies an...

AI score 7.6
Exploits 0

OpenVAS
added 2015/07/07 12:0 a.m. · 17 views

Fedora Update for cabal-install FEDORA-2015-8206

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

Tenable Nessus
added 2015/06/11 12:0 a.m. · 13 views

Fedora 22 : cabal-install-1.18.1.0-1.fc22 / haskell-platform-2014.2.0.0.2-4.fc22 (2015-8206)

Force cabal upload to always use digest auth and never basic auth. Note this only affects uploading of new source tarballs to Hackage by Haskell upstream package maintainers. It is safer to upload packages via the Hackage web interface. Note that Tenable Network Security has extracted the precedin...

AI score 5.5
Exploits 0 · References 2