Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

angular — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting angular. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Angular is a TypeScript-based web application framework primarily used for building single-page applications and dynamic user interfaces. Historically, it has been susceptible to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. While Angular's built-in security features like DOM sanitization help mitigate risks, developers must still implement proper security practices. Notable incidents include CVE-2021-38540, which allowed RCE through template injection, and CVE-2022-41715, an XSS flaw in the Angular CLI. The framework's complexity and extensive third-party ecosystem contribute to its vulnerability landscape, requiring ongoing vigilance from development teams.

Top products by angular: angular angular-cli
CVE IDTitleCVSSSeverityPublished
CVE-2026-41423 Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server — angularCWE-918--2026-05-08
CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass — angular-cliCWE-601 6.1 -2026-03-26
CVE-2026-27970 Angular i18n vulnerable to Cross-Site Scripting (XSS) — angularCWE-79 6.1AIMediumAI2026-02-26
CVE-2026-27739 Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline — angular-cliCWE-918 9.8AICriticalAI2026-02-25
CVE-2026-27738 Angular SSR has an Open Redirect via X-Forwarded-Prefix — angular-cliCWE-601 6.1AIMediumAI2026-02-25
CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes — angularCWE-79 6.1 -2026-01-10
CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes — angularCWE-79 6.1AIMediumAI2025-12-01
CVE-2025-66035 Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs — angularCWE-201 6.5AIMediumAI2025-11-26
CVE-2025-62427 Server-Side Request Forgery (SSRF) in Angular SSR — angular-cliCWE-918 9.1AICriticalAI2025-10-16
CVE-2025-59052 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage — angularCWE-362 5.9AIMediumAI2025-09-10

This page lists every published CVE security advisory associated with angular. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.