angular

Security Risk Profile

/100

medium

Security Risk Score

Comprehensive risk assessment based on 13 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from May 26, 2022 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

48/100

medium

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

XSS

SSRF

Path Traversal

Input Validation

CSRF

Most Affected Products

1. angular Angular Node.js39

2. npm/@angular/core23

3. angular Angular Cli Node.js14

4. npm/@angular/compiler14

5. npm/@angular/ssr10

Recent Vulnerabilities

See more →

CVE-2026-41423

CVSS 8.7high

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

5/8/2026

CVE-2026-44437

CVSS 6.9medium

Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

5/6/2026

CVE-2026-33397

CVSS 6.9medium

Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

3/19/2026

CVE-2026-32635

CVSS 8.6EPSS 0%high

Angular has XSS in i18n attribute bindings

3/13/2026

CVE-2026-27970

CVSS 7.6EPSS 0%high

Angular i18n vulnerable to Cross-Site Scripting (XSS)

2/26/2026

CVE-2026-22610

CVSS 8.5EPSS 0%high

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

1/9/2026

CVE-2025-66412

CVSS 8.5high

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

12/1/2025

CVE-2025-66035

CVSS 7.7high

Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Server-Side Request Forgery (SSRF) in Angular SSR

10/16/2025

Monitor angular in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo