GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,316
Maven
5,000+
npm
5,000+
NuGet
1,030
pip
5,000+
Pub
13
RubyGems
1,116
Rust
1,493
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
High
CVE-2026-54264
was published
for
@angular/service-worker
(npm)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)
High
CVE-2026-54268
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
High
CVE-2026-54266
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR
High
CVE-2026-50556
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
High
CVE-2026-50555
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
High
CVE-2026-50171
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
High
CVE-2026-50170
was published
for
@angular/common
(npm)
Jun 15, 2026
@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass
High
CVE-2026-50168
was published
for
@angular/platform-server
(npm)
Jun 15, 2026
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning
High
CVE-2026-54267
was published
for
@angular/core
(npm)
Jun 15, 2026
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
High
CVE-2026-41423
was published
for
@angular/platform-server
(npm)
Apr 16, 2026
Angular vulnerable to XSS in i18n attribute bindings
High
CVE-2026-32635
was published
for
@angular/compiler
(npm)
Mar 13, 2026
Angular i18n vulnerable to Cross-Site Scripting
High
CVE-2026-27970
was published
for
@angular/core
(npm)
Feb 27, 2026
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
High
CVE-2026-22610
was published
for
@angular/compiler
(npm)
Jan 9, 2026
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
High
CVE-2025-62427
was published
for
@angular/ssr
(npm)
Oct 16, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
High
CVE-2025-59052
was published
for
@angular/platform-server
(npm)
Sep 10, 2025
ProTip!
Advisories are also available from the
GraphQL API