Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

7 advisories

Loading
Angular SSR has an Open Redirect via X-Forwarded-Prefix Moderate
CVE-2026-27738 was published for @angular/ssr (npm) Feb 25, 2026
alan-agius4 Credited to alan-agius4, josephperrott, securityMB, AndrewKushnir, dgp1130, and VenkatKwest josephperrott josephperrott
securityMB securityMB AndrewKushnir AndrewKushnir dgp1130 dgp1130 VenkatKwest VenkatKwest
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR Moderate
CVE-2026-33397 was published for @angular/ssr (npm) Mar 19, 2026
VenkatKwest Credited to VenkatKwest, alan-agius4, securityMB, josephperrott, AndrewKushnir, and dgp1130 alan-agius4 alan-agius4
securityMB securityMB josephperrott josephperrott AndrewKushnir AndrewKushnir dgp1130 dgp1130
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix Moderate
CVE-2026-44437 was published for @angular/ssr (npm) May 6, 2026
kimkou2024 Credited to kimkou2024, alan-agius4, dgp1130, and AndrewKushnir alan-agius4 alan-agius4
dgp1130 dgp1130 AndrewKushnir AndrewKushnir
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities Moderate
CVE-2026-50169 was published for @angular/service-worker (npm) Jun 15, 2026
Yenya030 Credited to Yenya030, alan-agius4, JeanMeche, josephperrott, and AndrewKushnir alan-agius4 alan-agius4
JeanMeche JeanMeche josephperrott josephperrott AndrewKushnir AndrewKushnir
@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS) Moderate
CVE-2026-52725 was published for @angular/core (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, AndrewKushnir, alan-agius4, and josephperrott AndrewKushnir AndrewKushnir
alan-agius4 alan-agius4 josephperrott josephperrott
@angular/service-worker: Request Credential & Cache Policy Stripping Moderate
CVE-2026-50184 was published for @angular/service-worker (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, josephperrott, AndrewKushnir, alan-agius4, and JeanMeche josephperrott josephperrott
AndrewKushnir AndrewKushnir alan-agius4 alan-agius4 JeanMeche JeanMeche
Angular: Template and Attribute Namespace Sanitization Bypass (XSS) Moderate
CVE-2026-50557 was published for @angular/compiler (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, josephperrott, and AndrewKushnir alan-agius4 alan-agius4
josephperrott josephperrott AndrewKushnir AndrewKushnir
ProTip! Advisories are also available from the GraphQL API