VYPR

Angular

by Angular

npm: angular

Source repositories

CVEs (26)

  • CVE-2026-52725Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/core` package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism (`createComponent`) failed to reject mounting components directly onto a `` or…

  • CVE-2026-50169Jun 15, 2026
    risk 0.00cvss epss 0.00

    An issue in the `@angular/service-worker` package compromises the integrity of request-policy enforcement during request reconstruction. When the Angular Service Worker intercepts network requests for matched assets, it reconstructs a new `Request` object using an internal…

  • CVE-2026-27970Feb 26, 2026
    risk 0.00cvss epss 0.00

    Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization (i18n)…

  • CVE-2025-61261Nov 7, 2025
    risk 0.00cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • CVE-2024-21490Feb 10, 2024
    risk 0.00cvss epss 0.02

    This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause…

  • CVE-2022-25844May 1, 2022
    risk 0.00cvss epss 0.05

    The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This…

Page 2 of 2