npm package
@angular/core
pkg:npm/%40angular/core
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32635 | Cri | 9.0 | >= 22.0.0-next.0, < 22.0.0-next.3 | 22.0.0-next.3 | Mar 16, 2026 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and comp | |
| CVE-2026-27970 | — | >= 21.2.0-next.0, < 21.2.0 | 21.2.0 | Feb 26, 2026 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization (i18n) pipelin | ||
| CVE-2026-22610 | Med | 6.1 | >= 21.1.0-next.0, < 21.1.0-rc.0 | 21.1.0-rc.0 | Jan 10, 2026 | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template | |
| CVE-2021-4231 | — | >= 11.0.0, < 11.0.5 | 11.0.5 | May 26, 2022 | A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. |
- affected >= 22.0.0-next.0, < 22.0.0-next.3fixed 22.0.0-next.3
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and comp
- CVE-2026-27970Feb 26, 2026affected >= 21.2.0-next.0, < 21.2.0fixed 21.2.0
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization (i18n) pipelin
- affected >= 21.1.0-next.0, < 21.1.0-rc.0fixed 21.1.0-rc.0
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template
- CVE-2021-4231May 26, 2022affected >= 11.0.0, < 11.0.5fixed 11.0.5
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first.