VYPR

Angular CLI

by Angular

Source repositories

CVEs (6)

  • CVE-2026-27739CriFeb 25, 2026
    risk 0.53cvss epss 0.01

    The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because…

  • CVE-2026-32635CriMar 16, 2026
    risk 0.52cvss 9.0epss 0.00

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and…

  • CVE-2025-62427HigOct 16, 2025
    risk 0.50cvss epss 0.00

    The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The…

  • CVE-2026-27738MedFeb 25, 2026
    risk 0.38cvss epss 0.00

    The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and…

  • CVE-2026-44437MedMay 13, 2026
    risk 0.33cvss 6.1epss 0.00

    The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism…

  • CVE-2026-33397MedMar 26, 2026
    risk 0.33cvss 6.1epss 0.00

    The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in `@angular/ssr` due to an incomplete fix for…