Angular 21.1.0 Next3 for Node.js
Approved changes feed: RSS · Atom
cpe:2.3:a:angular:angular:21.1.0:next3:*:*:*:node.js:*:*
part: a version: 21.1.0 update: next3
| Vendor | Angular (d8cfb05c-218e-5baa-85be-4cd660bbc13e) |
|---|---|
| Product | Angular (d068de12-94a0-5da4-bec6-9080c1fc1776) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/angular/angular |
purl2cpe | 2026-06-01 10:15:50.713805 |
pkg:googlesource/angular |
purl2cpe | 2026-06-01 10:15:50.713807 |
pkg:maven/org.webjars.npm/angular__core |
purl2cpe | 2026-06-01 10:15:50.713808 |
pkg:npm/%40angular/core |
purl2cpe | 2026-06-01 10:15:50.713810 |
pkg:sourceforge/angular.mirror |
purl2cpe | 2026-06-01 10:15:50.713811 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-22610 |
vulnerable | 2026-06-08 07:51:13.303930 |
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.
Published: 2026-01-10T03:35:40.727Z
Updated: 2026-06-02T13:00:45.332Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.