Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
74
GitHub Actions
54
Go
4,080
Maven
5,000+
npm
5,000+
NuGet
994
pip
5,000+
Pub
13
RubyGems
1,095
Rust
1,412
Swift
61
Unreviewed advisories
All unreviewed
5,000+

9 advisories

Loading
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker High
CVE-2026-54264 was published for @angular/service-worker (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, JeanMeche, and josephperrott alan-agius4 alan-agius4
JeanMeche JeanMeche josephperrott josephperrott
@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate) High
CVE-2026-54268 was published for @angular/common (npm) Jun 15, 2026
JeanMeche Credited to JeanMeche, alan-agius4, SkyZeroZx, and josephperrott alan-agius4 alan-agius4
SkyZeroZx SkyZeroZx josephperrott josephperrott
@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS) Moderate
CVE-2026-54265 was published for @angular/compiler (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, JeanMeche, and JoostK alan-agius4 alan-agius4
JeanMeche JeanMeche JoostK JoostK
Angular: Template and Attribute Namespace Sanitization Bypass (XSS) Moderate
CVE-2026-50557 was published for @angular/compiler (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, josephperrott, and AndrewKushnir alan-agius4 alan-agius4
josephperrott josephperrott AndrewKushnir AndrewKushnir
@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR High
CVE-2026-50556 was published for @angular/platform-server (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, and josephperrott alan-agius4 alan-agius4
josephperrott josephperrott
@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') High
CVE-2026-50555 was published for @angular/platform-server (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, alan-agius4, and josephperrott alan-agius4 alan-agius4
josephperrott josephperrott
@angular/service-worker: Request Credential & Cache Policy Stripping Moderate
CVE-2026-50184 was published for @angular/service-worker (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, josephperrott, AndrewKushnir, alan-agius4, and JeanMeche josephperrott josephperrott
AndrewKushnir AndrewKushnir alan-agius4 alan-agius4 JeanMeche JeanMeche
@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS) Moderate
CVE-2026-52725 was published for @angular/core (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, AndrewKushnir, alan-agius4, and josephperrott AndrewKushnir AndrewKushnir
alan-agius4 alan-agius4 josephperrott josephperrott
Angular Client Hydration DOM Clobbering & Response-Cache Poisoning High
CVE-2026-54267 was published for @angular/core (npm) Jun 15, 2026
SkyZeroZx Credited to SkyZeroZx, AndrewKushnir, alan-agius4, josephperrott, and JeanMeche AndrewKushnir AndrewKushnir
alan-agius4 alan-agius4 josephperrott josephperrott JeanMeche JeanMeche
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database