CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

@angular/cli (=9.1.0-next.3), @schematics/update (=0.901.0-next.3) +1 more potentially affected by unknown CVE via @npmcli/git (=1.0.1)

@npmcli/git NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @npmcli/git and may be impacted: - @angular/cli =9.1.0-next.3 - @schematics/update =0.901.0-next.3 - pacote =11.1.1 Source cves: unknown CVE Source advisory:...