EUVD-2025-37176

Malicious code in epic-angular-ui-codemirror npm...

Malicious code in epic-angular-ui-codemirror (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475aba8f9dc17e38dcf35a7e5607ccc07a0b4e095aa0957ee57fdc75d0d4ee8d The package epic-angular-ui-codemirror was found to contain malicious code...

MAL-2025-49117 Malicious code in epic-angular-ui-codemirror (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 475aba8f9dc17e38dcf35a7e5607ccc07a0b4e095aa0957ee57fdc75d0d4ee8d The package epic-angular-ui-codemirror was found to contain malicious code...

EUVD-2025-36885

Malicious code in geopost-angular-components npm...

Malicious Package

Overview geopost-angular-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

Malicious code in rxjs-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3493cee8ab4bb7f4b656ed430193cea7d26bd53c7c124c9eeda99cf31ef7f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview rxjs-angular is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-36855

Malicious code in rxjs-angular npm...

MAL-2025-49039 Malicious code in rxjs-angular (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a3493cee8ab4bb7f4b656ed430193cea7d26bd53c7c124c9eeda99cf31ef7f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-49087 Malicious code in geopost-angular-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b519cc34afbb8ac8a6adcebfa4765a2553ad14947386e79821c5ad76ad67684a The package geopost-angular-components was found to contain malicious code. Source: ghsa-malware...

Malicious code in geopost-angular-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b519cc34afbb8ac8a6adcebfa4765a2553ad14947386e79821c5ad76ad67684a The package geopost-angular-components was found to contain malicious code. Source: ghsa-malware...

@angular-devkit/build-angular (>=20.2.0-next.3 <=21.0.0-next.8), @angular/build (>=20.2.0-next.3 <=21.0.0-next.8) +9 more potentially affected by CVE-2025-62522 via vite (>=7.1.0 <=7.1.10)

vite NPM version =7.1.0, =20.2.0-next.3, =20.2.0-next.3, =0.0.0, =2.20.3, =2.20.3, =0.0.12, =2.2.17, =2.2.17, =1.0.0, =2.20.3, =0.25.0-alpha.0, =0.25.0-alpha.1 Source cves: CVE-2025-62522 Source advisory: SNYK:JS-VITE-13644406...

@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-62522 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.3.4 and more Source cves: CVE-2025-62522 Source advisory: SNYK:JS-VITE-13644406...

@angular-devkit/build-angular (>=17.3.12 <=19.0.7), @angular/build (>=18.1.0 <=19.0.7) +171 more potentially affected by CVE-2025-62522 via vite (>=5.2.6 <=5.4.20)

vite NPM version =5.2.6, =17.3.12, =18.1.0, =2.0.0-beta.3, =0.36.1, =0.1.2, =5.30.1, =0.9.1-next.19, =0.9.1-next.19, =0.9.1-next.19, =0.0.4, =0.21.1, =1.0.375, =1.0.409 - @cotofe/appkit-cdn =2.0.0 - @curatorjs/bridge =0.1.0 and more Source cves: CVE-2025-62522 Source advisory:...

@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-62522 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.3.4 and more Source cves: CVE-2025-62522 Source advisory: OSV:GHSA-93M4-6634-74Q7...

@angular-devkit/build-angular (>=20.2.0-next.3 <=21.0.0-next.8), @angular/build (>=20.2.0-next.3 <=21.0.0-next.8) +9 more potentially affected by CVE-2025-62522 via vite (>=7.1.0 <=7.1.10)

vite NPM version =7.1.0, =20.2.0-next.3, =20.2.0-next.3, =0.0.0, =2.20.3, =2.20.3, =0.0.12, =2.2.17, =2.2.17, =1.0.0, =2.20.3, =0.25.0-alpha.0, =0.25.0-alpha.1 Source cves: CVE-2025-62522 Source advisory: OSV:GHSA-93M4-6634-74Q7...

Race Condition

@angular/platform-server, @angular/ssr and @nguniversal/common are vulnerable to Race Condition. The vulnerability is due to the platform injector being stored as a module-scoped global variable during server-side rendering, which allows concurrent requests to overwrite or access each other’s...

CVE-2025-62427

The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery SSRF flaw within the URL resolution mechanism of Angular's Server-Side Rendering package @angular/ssr before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestU...

EUVD-2025-34823

Angular SSR has a Server-Side Request Forgery SSRF flaw...

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-62427 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-62427 Source advisory: OSV:GHSA-Q63Q-PGMF-MXHR...