GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
22 advisories
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
High
CVE-2026-54264
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)
High
CVE-2026-54268
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
High
CVE-2026-54266
was published
for
@angular/common
(npm)
Jun 15, 2026
Angular: Template and Attribute Namespace Sanitization Bypass (XSS)
Moderate
CVE-2026-50557
was published
for
@angular/compiler
(npm)
Jun 15, 2026
@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR
High
CVE-2026-50556
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
CVE-2026-50555
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
@angular/service-worker: Request Credential & Cache Policy Stripping
Moderate
CVE-2026-50184
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
High
CVE-2026-50171
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
High
CVE-2026-50170
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)
Moderate
CVE-2026-52725
was published
for
@angular/core
(npm)
Jun 15, 2026
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
Moderate
CVE-2026-50169
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass
High
CVE-2026-50168
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
High
CVE-2026-54267
was published
for
@angular/core
(npm)
Jun 15, 2026
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
High
CVE-2026-41423
was published
for
@angular/platform-server
(npm)
Apr 16, 2026
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR
Moderate
CVE-2026-33397
was published
for
@angular/ssr
(npm)
Mar 19, 2026
Angular vulnerable to XSS in i18n attribute bindings
High
CVE-2026-32635
was published
for
@angular/compiler
(npm)
Mar 13, 2026
Angular i18n vulnerable to Cross-Site Scripting
High
CVE-2026-27970
was published
for
@angular/core
(npm)
Feb 27, 2026
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
Critical
CVE-2026-27739
was published
for
@angular/ssr
(npm)
Feb 25, 2026
Angular SSR has an Open Redirect via X-Forwarded-Prefix
Moderate
CVE-2026-27738
was published
for
@angular/ssr
(npm)
Feb 25, 2026
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
High
CVE-2026-22610
was published
for
@angular/compiler
(npm)
Jan 9, 2026
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
High
CVE-2025-62427
was published
for
@angular/ssr
(npm)
Oct 16, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
High
CVE-2025-59052
was published
for
@angular/platform-server
(npm)
Sep 10, 2025
ProTip!
Advisories are also available from the
GraphQL API