angular — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting angular. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Angular is a TypeScript-based web application framework primarily used for building single-page applications and dynamic user interfaces. Historically, it has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While Angular's built-in security features like DOM sanitization help mitigate risks, developers must still implement proper security practices. Notable incidents include CVE-2021-38540, which allowed RCE through template injection, and CVE-2022-41715, an XSS flaw in the Angular CLI. The framework's complexity and extensive third-party ecosystem contribute to its vulnerability landscape, requiring ongoing vigilance from development teams.

Top products by angular: angular, angular-cli
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-50171 | Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo) | angular | CWE-400 | - | - | 2026-06-22 |
| CVE-2026-50184 | Angular: Request Credential & Cache Policy Stripping in Angular Service Worker | angular | CWE-200 | - | - | 2026-06-22 |
| CVE-2026-50169 | Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities | angular | CWE-200 | - | - | 2026-06-22 |
| CVE-2026-46417 | Angular: SSRF via Hostname Hijacking in @angular/platform-server | angular | CWE-918 | - | - | 2026-06-22 |
| CVE-2026-50168 | Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass | angular | CWE-346 | - | - | 2026-06-22 |
| CVE-2026-50170 | Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache | angular | CWE-524 | - | - | 2026-06-22 |
| CVE-2026-50556 | Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-50555 | Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-54264 | Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker | angular | CWE-200 | - | - | 2026-06-22 |
| CVE-2026-54268 | Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate) | angular | CWE-400 | - | - | 2026-06-22 |
| CVE-2026-54267 | Angular Client Hydration DOM Clobbering & Response-Cache Poisoning | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-54266 | Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning | angular | CWE-328 | - | - | 2026-06-22 |
| CVE-2026-54265 | Angular: Two-Way Property Binding Sanitization Bypass (XSS) | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-50178 | Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-52725 | Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS) | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-49241 | Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-50557 | Angular: Template and Attribute Namespace Sanitization Bypass (XSS) | angular | CWE-79 | - | - | 2026-06-22 |
| CVE-2026-44437 | Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix | angular-cli | CWE-22 | - | - | 2026-05-13 |
| CVE-2026-41423 | Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server | angular | CWE-918 | 9.1 (AI) | Critical (AI) | 2026-05-08 |
| CVE-2026-33397 | Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass | angular-cli | CWE-601 | 6.1 | - | 2026-03-26 |
| CVE-2026-27970 | Angular i18n vulnerable to Cross-Site Scripting (XSS) | angular | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27739 | Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline | angular-cli | CWE-918 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2026-27738 | Angular SSR has an Open Redirect via X-Forwarded-Prefix | angular-cli | CWE-601 | 6.1 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-22610 | Angular has XSS Vulnerability via Unsanitized SVG Script Attributes | angular | CWE-79 | 6.1 | - | 2026-01-10 |
| CVE-2025-66412 | Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes | angular | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66035 | Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs | angular | CWE-201 | 6.5 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-62427 | Server-Side Request Forgery (SSRF) in Angular SSR | angular-cli | CWE-918 | 9.1 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-59052 | Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage | angular | CWE-362 | 5.9 (AI) | Medium (AI) | 2025-09-10 |

This page lists every published CVE security advisory associated with angular. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.