GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server
High
GHSA-45q2-gjvg-7973
was published
for
@angular/platform-server
(npm)
Apr 16, 2026
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR
Moderate
CVE-2026-33397
was published
for
@angular/ssr
(npm)
Mar 19, 2026
Angular vulnerable to XSS in i18n attribute bindings
High
CVE-2026-32635
was published
for
@angular/compiler
(npm)
Mar 13, 2026
Angular i18n vulnerable to Cross-Site Scripting
High
CVE-2026-27970
was published
for
@angular/core
(npm)
Feb 27, 2026
Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
Critical
CVE-2026-27739
was published
for
@angular/ssr
(npm)
Feb 25, 2026
Angular SSR has an Open Redirect via X-Forwarded-Prefix
Moderate
CVE-2026-27738
was published
for
@angular/ssr
(npm)
Feb 25, 2026
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
High
CVE-2026-22610
was published
for
@angular/compiler
(npm)
Jan 9, 2026
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
High
CVE-2025-66412
was published
for
@angular/compiler
(npm)
Dec 2, 2025
Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client
High
CVE-2025-66035
was published
for
@angular/common
(npm)
Nov 26, 2025
Angular SSR has a Server-Side Request Forgery (SSRF) flaw
High
CVE-2025-62427
was published
for
@angular/ssr
(npm)
Oct 16, 2025
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
High
CVE-2025-59052
was published
for
@angular/platform-server
(npm)
Sep 10, 2025
ProTip!
Advisories are also available from the
GraphQL API