Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50178 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-49241 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-54264 |
|
Information Disclosure in @angular/service-worker (CVE-2026-54264)
vulnerability in @angular/service-worker (CVE-2026-54264). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``.
|
| CVE-2026-54268 |
|
Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
|
| CVE-2026-54266 |
|
Vulnerability in @angular/common (CVE-2026-54266)
vulnerability in @angular/common (CVE-2026-54266). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpTransferCache``.
|
| CVE-2026-54265 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50556 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50555 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50184 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50184)
vulnerability in @angular/service-worker (CVE-2026-50184). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-50171 |
|
Vulnerability in @angular/common (CVE-2026-50171)
vulnerability in @angular/common (CVE-2026-50171). Risk of unauthorized operations or information disclosure. Exploitable via ``formatNumber``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50170 |
|
Vulnerability in @angular/common (CVE-2026-50170)
vulnerability in @angular/common (CVE-2026-50170). Confidential information can be exposed externally. Exploitable via ``HttpTransferCache``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-52725 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
|
| CVE-2026-50169 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50169)
vulnerability in @angular/service-worker (CVE-2026-50169). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50168 |
|
Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-54267 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-54267)
cross-site scripting in @angular/core (CVE-2026-54267). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpClient``.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2025-40900 |
|
Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44437 |
|
Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
|
| CVE-2026-44643 |
|
Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-41423 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
SSRF in @angular/platform-server (CVE-2026-41423). Risk of unauthorized operations or information disclosure. Exploitable via ``evil.com``.
|
| CVE-2026-27970 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22610 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
|
| CVE-2025-66412 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2025-66412)
cross-site scripting in @angular/compiler (CVE-2025-66412). Risk of unauthorized operations or information disclosure. Exploitable via ``attributeName``.
|
| CVE-2025-66035 |
|
Vulnerability in @angular/common (CVE-2025-66035)
vulnerability in @angular/common (CVE-2025-66035). Risk of unauthorized operations or information disclosure. Exploitable via ``POST``. Mitigation: upgrade to `19.2.16` or later.
|
| CVE-2024-21490 |
|
Vulnerability in angular (CVE-2024-21490)
vulnerability in angular (CVE-2024-21490). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-34840 |
|
Cross-Site Scripting (XSS) in angular (CVE-2023-34840)
cross-site scripting in angular (CVE-2023-34840). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12677 |
|
Cross-Site Scripting (XSS) in angular (CVE-2017-12677)
cross-site scripting in angular (CVE-2017-12677). Risk of unauthorized operations or information disclosure.
|