Linux Distros Unpatched Vulnerability : CVE-2026-52725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

GHSA-692R-GRFM-V8X7 @angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

Modification of Assumed-Immutable Data

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

ROOT-APP-NPM-AIKIDO-2026-11077 AIKIDO-2026-11077 in @rootio/angular__core - Patched by Root

Root has patched AIKIDO-2026-11077 in the @rootio/angularcore package for Root:npm. Multiple fixed versions available...

PT-2026-49568

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue in the @angular/core package allows bypassing script-execution restrictions during...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

Cross-site Scripting (XSS)

@angular/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of HTML from translated content in the Angular internationalization i18n pipeline, where an attacker can execute arbitrary JavaScript by compromising the translation file. When...

4science_ng-dynamic-forms (>=19.0.0 <=19.0.3), @123samir/gonna-build-a-mountain-po-ts-lint (>=6.0.0 <=10.0.0-rc.1) +5273 more potentially affected by CVE-2026-27970 via @angular/core (>=0.0.0-0 <=18.2.14)

@angular/core NPM version =0.0.0-0, =19.0.0, =6.0.0, =0.0.0, =0.2.0, =3.0.2, =3.0.3 - @aakashsuryawanshi/ng-idle =1.0.0 - @aalsi/ap-lib-demo =0.0.3-SNAPSHOT - @abaza738/angular-editor =1.0.0 - @abdos/ngx-tinzert =0.0.0 - @abdullk00138/watch-list =1.0.0 - @abdullk00138/webui =1.0.2 -...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

4science_ng-dynamic-forms (>=19.0.0 <=19.0.3), @123samir/gonna-build-a-mountain-po-ts-lint (>=6.0.0 <=10.0.0-rc.1) +5273 more potentially affected by CVE-2026-22610 via @angular/core (>=0.0.0-0 <=18.2.14)

@angular/core NPM version =0.0.0-0, =19.0.0, =6.0.0, =0.0.0, =0.2.0, =3.0.2, =3.0.3 - @aakashsuryawanshi/ng-idle =1.0.0 - @aalsi/ap-lib-demo =0.0.3-SNAPSHOT - @abaza738/angular-editor =1.0.0 - @abdos/ngx-tinzert =0.0.0 - @abdullk00138/watch-list =1.0.0 - @abdullk00138/webui =1.0.2 -...

Malicious code in cubyn-angular-core (npm)

The package cubyn-angular-core was found to contain malicious code...

MAL-2025-17818 Malicious code in cubyn-angular-core (npm)

The package cubyn-angular-core was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2024-21490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear...

Malicious code in traceviz-angular-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd91335d1e9106d7a9f2dfe3a76ecdb4e4cf5008dc0da1a864d0e1a084f3f1ec Any computer that has this package installed or running should be considered...

MAL-2025-4967 Malicious code in traceviz-angular-core (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dd91335d1e9106d7a9f2dfe3a76ecdb4e4cf5008dc0da1a864d0e1a084f3f1ec Any computer that has this package installed or running should be considered...

SUSE CVE-2024-21490

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of servic...