org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33672 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

4itech-schematics (>=11.3.0 <=11.7.0-5), @4itech/schematics (=11.7.0) +72 more potentially affected by CVE-2026-33671 via picomatch (=3.0.1)

picomatch NPM version =3.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on picomatch and may be impacted: - 4itech-schematics =11.3.0, =10.0.0-alpha.1, =10.0.0-alpha.1, =10.0.0-alpha.1, =0.1700.0, =0.1700.0, =17.0.0, =0.1700.0, =17.0.0, =17.0.0,...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (=19.2.8) +2 more potentially affected by CVE-2026-33671 via org.webjars.npm:picomatch (=4.0.2)

org.webjars.npm:picomatch MAVEN version =4.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:picomatch and may be impacted: - org.webjars.npm:angular-devkitarchitect =0.1902.8 - org.webjars.npm:angular-devkitcore =19.2.8 -...

@eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408), @eui/deps-base-light (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +2 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=19.0.0-next.10 <=19.2.19)

@angular-devkit/build-angular NPM version =19.0.0-next.10, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

@eui/deps-base (>=21.0.0-alpha.10 <=23.0.0-alpha.1), @eui/deps-base-light (>=21.0.0-alpha.10 <=23.0.0-alpha.1) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=21.0.0-next.1 <=21.1.0)

@angular-devkit/build-angular NPM version =21.0.0-next.1, =21.0.0-alpha.10, =21.0.0-alpha.10, =23.0.0-alpha.1 - ng-deploy-oss =21.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

@eui/deps-base-light-next (>=19.2.2 <=21.0.0-alpha.32), @eui/deps-base-next (>=19.2.2 <=21.0.0-alpha.32) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=20.0.0-rc.0 <=20.1.0)

@angular-devkit/build-angular NPM version =20.0.0-rc.0, =19.2.2, =19.2.2, =21.0.0-alpha.32 - ng-deploy-oss =20.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

org.webjars.npm:angular-devkit__architect (=0.1902.8), org.webjars.npm:angular-devkit__core (>=15.2.0-next.3 <=19.2.8) +2 more potentially affected by CVE-2025-69873 via org.webjars.npm:ajv (>=8.12.0 <=8.17.1)

org.webjars.npm:ajv MAVEN version =8.12.0, =15.2.0-next.3, =15.2.0-next.3, =15.2.0-next.3, =19.2.8 Source cves: CVE-2025-69873 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15274296...

@angular-devkit/build-angular (>=20.2.0-next.3 <=21.0.0-next.8), @angular/build (>=20.2.0-next.3 <=21.0.0-next.8) +9 more potentially affected by CVE-2025-62522 via vite (>=7.1.0 <=7.1.10)

vite NPM version =7.1.0, =20.2.0-next.3, =20.2.0-next.3, =0.0.0, =2.20.3, =2.20.3, =0.0.12, =2.2.17, =2.2.17, =1.0.0, =2.20.3, =0.25.0-alpha.0, =0.25.0-alpha.1 Source cves: CVE-2025-62522 Source advisory: SNYK:JS-VITE-13644406...

@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-58751 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.3.4 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

MAL-2025-6901 Malicious code in @angular_devkit/build_angular (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in @angular_devkit/build_angular (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

Malicious code in @angular_devkit/architect (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-6900 Malicious code in @angular_devkit/architect (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

MAL-2025-6870 Malicious code in @angular_devkit/build-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 053dbd5b72c824b5644482986fcc9a5caca48fcbe447f90f957e420418f2bcb4 The OpenSSF Package Analysis project identified '@angulardevkit/build-webpack' @ 99.1.1 npm as malicious. It is considered malicious because: -...

Malicious code in @angular_devkit/build-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 053dbd5b72c824b5644482986fcc9a5caca48fcbe447f90f957e420418f2bcb4 The OpenSSF Package Analysis project identified '@angulardevkit/build-webpack' @ 99.1.1 npm as malicious. It is considered malicious because: -...

MAL-2025-6869 Malicious code in @angular_devkit/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e71b8ecbb1a24ad2e952dddfe831edc984a60be61de846d61903baae55b376bc The OpenSSF Package Analysis project identified '@angulardevkit/core' @ 99.1.1 npm as malicious. It is considered malicious because: - The packa...

Malicious code in @angular_devkit/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e71b8ecbb1a24ad2e952dddfe831edc984a60be61de846d61903baae55b376bc The OpenSSF Package Analysis project identified '@angulardevkit/core' @ 99.1.1 npm as malicious. It is considered malicious because: - The packa...

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-31125 Source advisory:...

@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +25 more potentially affected by CVE-2025-30208 via vite (>=6.0.0 <=6.0.11)

vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =19.1.5, =5.0.0-alpha.37, =19.1.0, =19.1.0, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.3.0-dev.12 and more Source cves: CVE-2025-30208 Source advisory:...

@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +57 more potentially affected by CVE-2024-45812 via vite (>=5.2.0 <=5.2.13)

vite NPM version =5.2.0, =18.0.0, =18.0.0, =5.0.0-alpha.4, =0.1.0-rc.8, =18.0.0-next.46, =18.0.0-next.46, =3.0.2, =3.5.0, =4.1.0, =34.0.0, =2.1.3, =1.2.0, =1.0.0, =11.17.0, =8.0.8, =8.1.0 and more Source cves: CVE-2024-45812 Source advisory: OSV:GHSA-64VR-G452-QVP3...