Malicious Package

Overview sos-angular is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

Malicious Package

Overview @navancorp/angular-web-components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: OSV:GHSA-68X2-MX4Q-78M7...

@adel-t/angular-ssr (>=1.0.0 <=1.0.2), @angularexpert/my-workspace (=0.0.0) +39 more potentially affected by CVE-2025-59052 via @angular/ssr (>=17.0.5 <=18.2.13)

@angular/ssr NPM version =17.0.5, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =8.0.0, =0.0.0, =0.0.2, =0.0.11 - atlassian-components-library =0.0.0 - bwiser-workspace =0.0.6 - bworkman-resume =0.0.0 and more Source cves: CVE-2025-59052 Source advisory: OSV:GHSA-68X2-MX4Q-78M7...

GHSA-68X2-MX4Q-78M7 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Impact Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...

CVE-2025-59052

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

Race Condition

Overview @nguniversal/common is an Angular Universal module that is common across server-side rendering app irrespective of the rendering engine Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the...

@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)

@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...

@cosla/sensemaking-web-ui (>=1.0.0 <=1.0.4) potentially affected by CVE-2025-59052 via @angular/ssr (=18.2.13)

@angular/ssr NPM version =18.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @cosla/sensemaking-web-ui =1.0.0, =1.0.4 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...

Race Condition

Overview @angular/platform-server is an Angular - library for using Angular in Node.js Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the bootstrapApplication, getPlatform, or destroyPlatform...

Race Condition

Overview @angular/ssr is a the Angular server side rendering utilities. Affected versions of this package are vulnerable to Race Condition between multiple concurrent requests in the global platform injector, when using the bootstrapApplication, getPlatform, or destroyPlatform functions. This...

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

CVE-2025-59052

CVE-2025-59052: Angular SSR race condition in the platform injector can cause cross-request data leaks due to a global injector state shared across concurrent SSR requests. Affected: Angular SSR/server rendering path using bootstrapApplication, getPlatform, or destroyPlatform. Patched in all acti...

CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container the "platform injector" to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...

Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue

Summary Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue ISIQ Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and...

PT-2025-37099

Name of the Vulnerable Software and Affected Versions: Angular versions 18.2.14 through 18.2.21 Angular versions 19.2.15 through 19.2.16 Angular versions 20.3.0 Angular versions 21.0.0-next.3 Description: Angular uses a DI container to hold request-specific state during server-side rendering. Due...

Angular 竞争条件问题漏洞

Angular is a development platform of Angular open source. It is used to build mobile and desktop web applications using Typescript / JavaScript and other languages. Angular suffers from a Competing Conditions Issue vulnerability that stems from the possibility that DI containers may share or...

Linux Distros Unpatched Vulnerability : CVE-2024-54152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious...

@altipla/directus-sdk-utils (=0.7.2), @angular-devkit/build-angular (>=20.2.0 <=21.0.0-rc.1) +58 more potentially affected by CVE-2025-58751 via vite (>=7.1.0 <=7.1.4)

vite NPM version =7.1.0, =20.2.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =1.0.0, =3.22.0, =9.0.0-next.68, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0-next.9 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...