Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: angular Clear
ID Title
CVE-2026-50178 Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-49241 Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-54264 Information Disclosure in @angular/service-worker (CVE-2026-54264)
vulnerability in @angular/service-worker (CVE-2026-54264). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``.
CVE-2026-54268 Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
CVE-2026-54266 Vulnerability in @angular/common (CVE-2026-54266)
vulnerability in @angular/common (CVE-2026-54266). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpTransferCache``.
CVE-2026-54265 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
CVE-2026-50557 Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
CVE-2026-50556 Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
CVE-2026-50555 Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
CVE-2026-50184 Information Disclosure in @angular/service-worker (CVE-2026-50184)
vulnerability in @angular/service-worker (CVE-2026-50184). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-50171 Vulnerability in @angular/common (CVE-2026-50171)
vulnerability in @angular/common (CVE-2026-50171). Risk of unauthorized operations or information disclosure. Exploitable via ``formatNumber``. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-50170 Vulnerability in @angular/common (CVE-2026-50170)
vulnerability in @angular/common (CVE-2026-50170). Confidential information can be exposed externally. Exploitable via ``HttpTransferCache``. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-52725 Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
CVE-2026-50169 Information Disclosure in @angular/service-worker (CVE-2026-50169)
vulnerability in @angular/service-worker (CVE-2026-50169). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-50168 Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
CVE-2026-54267 Cross-Site Scripting (XSS) in @angular/core (CVE-2026-54267)
cross-site scripting in @angular/core (CVE-2026-54267). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpClient``.
CVE-2026-46417 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
CVE-2025-40900 Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
CVE-2026-44437 Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
CVE-2026-44643 Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-41423 SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
SSRF in @angular/platform-server (CVE-2026-41423). Risk of unauthorized operations or information disclosure. Exploitable via ``evil.com``.
CVE-2026-27970 Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
CVE-2026-22610 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
CVE-2025-66412 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2025-66412)
cross-site scripting in @angular/compiler (CVE-2025-66412). Risk of unauthorized operations or information disclosure. Exploitable via ``attributeName``.
CVE-2025-66035 Vulnerability in @angular/common (CVE-2025-66035)
vulnerability in @angular/common (CVE-2025-66035). Risk of unauthorized operations or information disclosure. Exploitable via ``POST``. Mitigation: upgrade to `19.2.16` or later.
CVE-2024-21490 Vulnerability in angular (CVE-2024-21490)
vulnerability in angular (CVE-2024-21490). Risk of unauthorized operations or information disclosure.
CVE-2023-34840 Cross-Site Scripting (XSS) in angular (CVE-2023-34840)
cross-site scripting in angular (CVE-2023-34840). Risk of unauthorized operations or information disclosure.
CVE-2017-12677 Cross-Site Scripting (XSS) in angular (CVE-2017-12677)
cross-site scripting in angular (CVE-2017-12677). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →