Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 8:24 p.m.15 views

python-multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service

Summary When parsing application/x-www-form-urlencoded bodies, QuerystringParser located the field separator with a two step lookup: it first scanned the entire remaining buffer for &, and only when no & existed anywhere ahead did it fall back to scanning for ;. For a body that uses ; as the...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:23 p.m.12 views

python-multipart: Negative Content-Length in parse_form buffers the entire body in memory

Summary parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead of in fixed-size chunks. Details...

3.7CVSS5.5AI score0.00217EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:22 p.m.42 views

python-multipart: Semicolon treated as querystring field separator enables parameter smuggling

Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...

5.9CVSS5.5AI score0.35963EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:20 p.m.18 views

python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...

5.3CVSS5.3AI score0.00177EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:20 p.m.13 views

Electron: Buffer performs incorrect byte length calculations resulting in heap buffer under/overflow

Impact Most apps will crash and some may perform incorrect buffer allocations in the Node.js Buffer API resulting in unexpected truncation or allocation. Workarounds No workarounds. Do not use these impacted Electron releases Fixed Versions 42.3.3 For more information If you have any questions or...

9.3CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:20 p.m.23 views

Tornado: Authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient

Summary When SimpleAsyncHTTPClient follows a 3xx redirect, it shallow-copies the original HTTPRequest, rewrites the URL, decrements maxredirects, and removes only the Host header. It does not clear Authorization, authusername, authpassword, or authmode when the redirect target changes origin. As ...

5.3AI score0.00034EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:19 p.m.24 views

tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

5.4AI score0.00052EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:16 p.m.37 views

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

7.5CVSS5.5AI score0.00368EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:16 p.m.15 views

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Summary When dispatching a request, HTTPEndpoint selects the handler by lowercasing the HTTP method and looking it up as an attribute with getattr, without restricting the lookup to a known set of HTTP verbs. When an HTTPEndpoint subclass is registered through Route... without an explicit methods...

5.3CVSS5.4AI score0.00213EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:15 p.m.30 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.4AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.11 views

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.8 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:12 p.m.16 views

DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:12 p.m.63 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptograph 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...

5.3AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:11 p.m.13 views

Microsoft Security Advisory CVE-2026-45591 – ASP.NET Core Denial of Service Vulnerability

Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core SignalR and Blazor Server. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service...

7.5CVSS5.4AI score0.0243EPSS
Exploits0References6Affected Software4
Github Security Blog
Github Security Blog
added 2026/06/15 8:11 p.m.10 views

aiohttp: Incomplete websocket frame payloads bypass memory limits

Summary If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. ----- Patch:...

8.7CVSS5.5AI score0.00305EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:11 p.m.13 views

aiohttp: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections

Summary The serverhostname TLS SNI check can be bypassed when an existing connection is reused. Impact If an application makes multiple requests to the same domain, but with different per-request serverhostname parameters, then the later calls may succeed by reusing the existing connection when...

7.5CVSS5.3AI score0.00266EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:10 p.m.22 views

aiohttp: Payload Response Resources Are Not Closed After Mid-Body Disconnect

Summary Payload resources are not closed correctly when a client disconnects in the middle of a write. Impact If a payload is using an open file or similar limited resource, then an attacker may be able to cause resource starvation temporarily until garbage collection or similar closes the file...

7.5CVSS5.3AI score0.00281EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:10 p.m.10 views

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

Summary No limit was present on the number of pipelined requests that could be queued. Impact An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. ----- Patch:...

8.7CVSS5.3AI score0.00279EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.18 views

aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup

Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS a zip bomb edge case. Workaround...

8.7CVSS5.2AI score0.00279EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.11 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.11 views

aiohttp: DigestAuthMiddleware Applies Credentials to Cross-Origin Redirect Challenges

Summary DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. Impact If the client follows a redirect the default option to an attacker controlled domain, the attacker may be able to extract the auth digest. This likely requires an open redirect...

6.3CVSS5.3AI score0.00178EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:8 p.m.9 views

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

Summary Host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. Impact Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed. ----- Patch:...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:7 p.m.46 views

aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

7.5CVSS5.3AI score0.00301EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:6 p.m.10 views

React Router: Potential CSRF via PUT/PATCH/DELETE document requests

Certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight, SameSite cookies already block the cross-origin attack vectors...

3.1CVSS5.4AI score0.00106EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 8:5 p.m.11 views

Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

5.8AI score0.00089EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 8:2 p.m.19 views

DOMPurify: SAFE_FOR_TEMPLATES bypass - template expressions survive sanitization inside <template> content when using DOM output modes

Summary When DOMPurify is configured with both SAFEFORTEMPLATES: true and RETURNDOM: true or INPLACE: true, an attacker can inject template expressions, such as $evil, evil, or , that survive the sanitization pass inside element content. This bypasses the explicit purpose of SAFEFORTEMPLATES, whi...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:1 p.m.12 views

DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

If the HTML you give it contains a element, and inside that template there's an element with a shadow DOM attached to it, DOMPurify quietly skips over the shadow contents. Whatever the attacker put in there - an image with an onerror handler, a link with a javascript: URL, even a full script -...

5.2AI score0.00038EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 8:0 p.m.18 views

DOMPurify: `IN_PLACE` mode trusts attacker-controlled `nodeName` on live non-form nodes, allowing script retention and XSS via attacker-supplied DOM objects

Summary When DOMPurify.sanitizeroot, INPLACE: true is called on an attacker-supplied live DOM node, DOMPurify still trusts currentNode.nodeName for non-form nodes in the main sanitizeElements pipeline. A real child node whose observable nodeName is attacker-controlled can therefore be misclassifi...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.50 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:56 p.m.19 views

DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

Cross-realm INPLACE sanitization leaves executable markup intact via realm-bound instanceof checks CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — realm-bound instanceof checks fail-open on foreign-realm DOM nodes and CWE-50...

5.8AI score0.00055EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:53 p.m.17 views

DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

INPLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — silent no-op when forceRemove is called on a parent-less node Summa...

5.4AI score0.00042EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:29 p.m.47 views

PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

!NOTE Practical impact depends on whether request body-size limits are enforced upstream proxy/web-server/framework. Deployments with typical body-size caps ≤2 MB bound the amplifier significantly; deployments accepting larger token inputs are more exposed. When verifying detached JWS tokens usin...

5.3CVSS5.5AI score0.00288EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:28 p.m.12 views

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes

!NOTE The library does not directly return non-HTTPS URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws attacker write access to a filesystem path, untrusted jku derivation that this fix do...

8.8CVSS5.6AI score0.02214EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:28 p.m.13 views

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

!NOTE Exploitation requires a verifier configured with both symmetric and asymmetric algorithms in algorithms=… and a raw-JSON JWK as the key= argument, both contrary to documented usage, hence the High attack-complexity rating. Summary When the verifier is decoding JSON Web Tokens, while...

7.4CVSS5.4AI score0.00394EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 7:27 p.m.11 views

PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

!NOTE Scored assuming a deployment where algorithm policy functions as an authentication/authorization boundary. In deployments where the algorithm policy enforces crypto agility only, the practical confidentiality impact is lower and the issue is closer to an integrity-of-policy-enforcement bug...

5.4CVSS5.5AI score0.00127EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:36 p.m.67 views

Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injection

Summary Nodemailer constructs List- headers from the caller-provided list message option using internally prepared header values. The list..comment field is inserted into those prepared values without removing CR \r or LF \n characters. Because prepared headers bypass the normal header-value...

6.1AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:35 p.m.43 views

Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalization

Summary Nodemailer's disableFileAccess and disableUrlAccess options are intended to prevent message content and attachments from reading local files or fetching URLs. The normal MIME streaming path enforces those options in MimeNode.getStream. However, jsonTransport serializes messages by calling...

5.5AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:34 p.m.28 views

Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential Interception

Summary Nodemailer disables TLS certificate verification in its internal HTTPS fetch client through the use of rejectUnauthorized: false inside lib/fetch/index.js. As a result, OAuth2 token requests trust invalid or self-signed HTTPS certificates and transmit sensitive OAuth credentials over...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:33 p.m.9 views

Symfony: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization

Description Symfony\Component\Routing\Generator\UrlGenerator::doGenerate percent-encodes . and .. path segments so that the generated URL still resolves to the originating route after RFC 3986 §5.2.4 dot-segment removal which strict RFC-3986 consumers — routers, reverse proxies, HTTP clients —...

5.3AI score0.00026EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.8 views

Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

5.4AI score0.00025EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.8 views

Symfony: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

Description Symfony\Component\Mailer\Bridge\Mailomat\Webhook\MailomatRequestParser::validateSignature parses the X-MOM-Webhook-Signature request header as algo=signature and passes the wire-supplied $algo directly to hashhmac when verifying the request against the configured webhook secret. The...

5.5AI score0.00018EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 5:31 p.m.8 views

Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient

Description Symfony\Component\HttpClient\NoPrivateNetworkHttpClient is documented as a decorator that blocks requests to private networks by default. The list of blocked subnets Symfony\Component\HttpFoundation\IpUtils::PRIVATESUBNETS on 6.4+, a private constant in NoPrivateNetworkHttpClient on 5...

5.3AI score0.00029EPSS
Exploits0References8Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/15 5:30 p.m.14 views

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:28 p.m.11 views

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...

3.7CVSS5.2AI score0.00222EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:28 p.m.10 views

Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

Description When a firewall is configured with form-login or any authenticator using DefaultAuthenticationFailureHandler and the failureforward: true option, the handler reads the failurepath parameter from the failing login request and uses it as the path of an internal subrequest dispatched...

5.3AI score0.00058EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 5:27 p.m.16 views

protobufjs : Schema-derived names can shadow runtime-significant properties

Summary protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names such as $type when loaded through protobufjs JSON/reflection descriptors, and service...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/15 5:26 p.m.307 views

form-data: CRLF injection in form-data via unescaped multipart field names and filenames

Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:25 p.m.9 views

@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

An information disclosure vulnerability exists in the @angular/service-worker package of the Angular framework. When the Service Worker fetches assets, it preserves metadata such as headers from the original request. However, on cross-origin redirects, the Service Worker fails to strip sensitive...

8.3CVSS5.5AI score0.00226EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/15 5:24 p.m.26 views

@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

8.2CVSS5.5AI score0.00331EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33225