Lucene search
K

419 matches found

Snyk
Snyk
added 2026/06/16 2:57 p.m.8 views

Cross-site Scripting (XSS)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addAttribute function, which interpolates unescaped object keys as HTML attribute names when spreadi...

6.1CVSS5.9AI score0.0016EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:57 p.m.7 views

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

6.1CVSS5.8AI score0.0016EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:38 p.m.8 views

Astro: Host header SSRF in prerendered error page fetch

Summary Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header i...

7.5CVSS5.6AI score0.00196EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.35 views

Astro: Reflected XSS via unescaped slot name

Summary When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...

7.1CVSS5.4AI score0.00177EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.7 views

Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option, and protocol-relative bypass in `reloadNuxtApp`

Summary Three weaknesses in Nuxt's client-navigation URL handling, all reachable from documented public APIs navigateTo and reloadNuxtApp: 1. SSR open redirect in navigateTo via path-normalisation bypass. navigateTo decided whether a target was external by inspecting the raw input with...

6.1CVSS5.6AI score0.00205EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49740

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description Astro SSR applications using prerendered error pages, such as '/404' or '/500' with export const prerender = true, fetch these pages over HTTP at runtime during an error. The fetch URL is derived from...

7.5CVSS6AI score0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
OSV
OSV
added 2026/06/15 5:24 p.m.5 views

GHSA-48R7-HPM6-GFXM @angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

8.2CVSS5.5AI score0.00331EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 5:24 p.m.75 views

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:24 p.m.5 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

8.8CVSS5.3AI score0.0009EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 5:21 p.m.9 views

@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

8.6CVSS5.4AI score0.00228EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:21 p.m.4 views

GHSA-GXX4-3XCV-F8QX @angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...

8.6CVSS5.5AI score0.00228EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 5:20 p.m.4 views

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.5AI score0.00167EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 4:52 p.m.3 views

GHSA-P3VC-36G9-X9GR @angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

8.2CVSS5.5AI score0.00161EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.9 views

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

8.2CVSS5.4AI score0.00303EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 4:51 p.m.9 views

GHSA-Q6F4-QQRG-JV6X @angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering SSR and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

8.2CVSS5.5AI score0.00303EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 4:51 p.m.9 views

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information via the HttpTransferCache utility. An attacker can access sensitive user-specific information by making requests to pages that have been cached by a shared caching layer after another user h...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 4:39 p.m.13 views

GHSA-XRXM-CP7J-8XF6 @angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass

An issue in the @angular/platform-server package allows remote attackers to bypass host allowlist constraints and direct server-side outgoing requests to arbitrary external endpoints. This occurs due to a parser differential between the strict WHATWG URL parser used for allowlist validation and t...

8.8CVSS5.7AI score0.00279EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 3:16 p.m.8 views

Modification of Assumed-Immutable Data

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

8.6CVSS6.1AI score0.00179EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49561

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.15 Angular versions prior to 20.3.22 Angular versions prior to 19.2.23 Description An issue exists in @angular/common when Server-Side Rendering SSR and hydration are enabled...

8.2CVSS5.8AI score0.00303EPSS
Exploits0References6
Rows per page
Query Builder