Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Angular — Vulnerabilities & Security Advisories 30

All 30 CVE vulnerabilities found in Angular, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the Angular framework, focusing on common weakness categories and associated security tags. It collects detailed records of disclosed security issues affecting the Angular library, covering a comprehensive time range from initial public disclosure through recent updates to ensure historical continuity. Users can utilize this resource to track vendor advisories issued by the Angular team and the broader ecosystem, gaining insight into how specific flaws were reported and remediated. Additionally, the page allows researchers and developers to understand the mechanics of particular weakness classes as they apply to frontend web development, providing context on severity scores, attack vectors, and mitigation strategies. By examining the complete vulnerability history of the product, stakeholders can assess the security posture of Angular over time and identify trends in patching frequency or recurring architectural flaws. This centralized view supports informed decision-making for teams adopting or maintaining Angular applications, enabling them to prioritize updates and manage risk more effectively based on verified data rather than isolated reports. The content is structured to facilitate easy navigation through various categories, ensuring that both security professionals and application developers can quickly locate relevant information without sifting through unrelated noise.

Vendor: unspecified

CVE IDTitleCVSSSeverityPublished
CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo) CWE-400--2026-06-22
CVE-2026-50184 Angular: Request Credential & Cache Policy Stripping in Angular Service Worker CWE-200--2026-06-22
CVE-2026-50169 Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities CWE-200--2026-06-22
CVE-2026-46417 Angular: SSRF via Hostname Hijacking in @angular/platform-server CWE-918--2026-06-22
CVE-2026-50168 Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass CWE-346--2026-06-22
CVE-2026-50170 Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache CWE-524--2026-06-22
CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR CWE-79--2026-06-22
CVE-2026-50555 Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server CWE-79--2026-06-22
CVE-2026-54264 Angular: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker CWE-200--2026-06-22
CVE-2026-54268 Angular: Denial of Service (DoS) via OOM in Date Formatting (formatDate) CWE-400--2026-06-22
CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning CWE-79--2026-06-22
CVE-2026-54266 Angular: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning CWE-328--2026-06-22
CVE-2026-54265 Angular: Two-Way Property Binding Sanitization Bypass (XSS) CWE-79--2026-06-22
CVE-2026-50178 Angular: Remote Code Execution via JSDoc Hover Command Injection in VS Code Angular Language Service Extension CWE-79--2026-06-22
CVE-2026-52725 Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS) CWE-79--2026-06-22
CVE-2026-49241 Angular: Multiple Remote Code Execution Vulnerabilities in Angular Language Service VS Code Extension CWE-79--2026-06-22
CVE-2026-50557 Angular: Template and Attribute Namespace Sanitization Bypass (XSS) CWE-79--2026-06-22
CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server CWE-918 9.1AICriticalAI2026-05-08
CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS) CWE-79 6.1AIMediumAI2026-02-26
CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes CWE-79 6.1 -2026-01-10
CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes CWE-79 6.1AIMediumAI2025-12-01
CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs CWE-201 6.5AIMediumAI2025-11-26
CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage CWE-362 5.9AIMediumAI2025-09-10
CVE-2024-21490 angular 安全漏洞 CWE-1333 7.5 High2024-02-10
CVE-2023-26116 Angular 安全漏洞 CWE-1333 5.3 Medium2023-03-30
CVE-2023-26118 Angular 安全漏洞 CWE-1333 5.3 Medium2023-03-30
CVE-2023-26117 Angular 安全漏洞 CWE-1333 5.3 Medium2023-03-30
CVE-2022-25869 Angular 跨站脚本漏洞 CWE-79 4.2 Medium2022-07-15
CVE-2021-4231 Angular Comment cross site scripting CWE-79 3.5 Low2022-05-26
CVE-2022-25844 Regular Expression Denial of Service (ReDoS) 5.3 Medium2022-05-01

All 30 known CVE vulnerabilities affecting Angular with full Chinese analysis, references, and POCs where available.