Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.2 CVE-2026-53571

Vite: `server.fs.deny` bypass on Windows alternate paths_CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny ...

vitejs vite >= 8.0.0, < 8.0.16 CVE
LOW 3.7 CVE-2026-53540

Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory_CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using ...

Kludex python-multipart < 0.0.31 CVE
HIGH 7.5 CVE-2026-53539

Python-Multipart: Quadratic-time querystring parsing with semicolon separators causes CPU denial of service_CVE-2026-53539

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, when parsing application/x-www-form-urlencoded bodies, QuerystringPar...

Kludex python-multipart < 0.0.30 CVE
LOW 3.7 CVE-2026-53538

Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling_CVE-2026-53538

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www...

Kludex python-multipart < 0.0.30 CVE
LOW 3.7 CVE-2026-53537

Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters_CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) he...

Kludex python-multipart < 0.0.30 CVE
HIGH 8.6 CVE-2026-50556

Angular: Missing `

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.6 CVE-2026-50555

Angular: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in @angular/platform-server_CVE-2026-50555

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
LOW 2.7 CVE-2026-50269

AIOHTTP: CRLF injection in multipart headers_CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/...

aio-libs aiohttp < 3.14.0 CVE
MEDIUM 5.7 CVE-2026-50184

Angular: Request Credential & Cache Policy Stripping in Angular Service Worker_CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE
HIGH 8.2 CVE-2026-50171

Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)_CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0...

angular angular >= 22.0.0-next.0, < 22.0.0-rc.2 CVE