PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

PT-2026-49740

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description Astro SSR applications using prerendered error pages, such as '/404' or '/500' with export const prerender = true, fetch these pages over HTTP at runtime during an error. The fetch URL is derived from...

GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

GHSA-GXX4-3XCV-F8QX @angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

GHSA-P3VC-36G9-X9GR @angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

GHSA-Q6F4-QQRG-JV6X @angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via the HttpTransferCache utility. An attacker can access sensitive user-specific information by making requests to pages that have been cached by a shared caching layer after another user h...

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

Modification of Assumed-Immutable Data

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

PT-2026-49583

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description A Denial of Service DoS issue exists in the @angular/common package. The formatDate function, also used by the standard DatePipe,...

PT-2026-49561

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue exists in @angular/common when Server-Side Rendering SSR and hydration are enabled...

PT-2026-49582

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description Angular's HttpTransferCache caches HTTP requests during Server-Side Rendering SSR to be reused during client-side hydration,...

PT-2026-49562

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description A Denial of Service DoS issue exists in the @angular/common package. The formatNumber...

PT-2026-49566

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the DOM emulation dependency domino used by...

CVE-2026-41067

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...