Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-50556

Angular: Missing `

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.6 CVE-2026-50555

Angular: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in @angular/platform-server_CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
LOW 2.7 CVE-2026-50269

AIOHTTP: CRLF injection in multipart headers_CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/...

aio-libs aiohttp < 3.14.0 CVE
MEDIUM 5.7 CVE-2026-50184

Angular: Request Credential & Cache Policy Stripping in Angular Service Worker_CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.2 CVE-2026-50171

Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)_CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.2 CVE-2026-50170

Angular: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache_CVE-2026-50170

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
MEDIUM 5.7 CVE-2026-50169

Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities_CVE-2026-50169

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.8 CVE-2026-50168

Angular: URL Parser Differential in @angular/platform-server leading to SSRF Allowlist Bypass_CVE-2026-50168

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
LOW 3.2 CVE-2026-49356

Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core_CVE-2026-49356

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a so...

babel babel >= 8.0.0-alpha.0, < 8.0.0-rc.5 CVE
HIGH 7.5 CVE-2026-48712

protobufjs: Denial of service through unbounded Any expansion during JSON conversion_CVE-2026-48712

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit w...

protobufjs protobuf.js < 7.6.1 CVE