[Git][security-tracker-team/security-tracker][master] Angularjs triage
Bastien Roucariès (@rouca)
rouca at debian.org
Mon Feb 16 18:31:45 GMT 2026
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5d73215b by Bastien Roucariès at 2026-02-16T19:31:32+01:00
Angularjs triage
CVE is present only in modern @angular package.
Compiler was introduced in 18.x
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14578,7 +14578,7 @@ CVE-2026-22612 (Fickling is a Python pickling decompiler and static analyzer. Pr
CVE-2026-22611 (AWS SDK for .NET works with Amazon Web Services to help build scalable ...)
NOT-FOR-US: Amazon AWS SDK
CVE-2026-22610 (Angular is a development platform for building mobile and desktop web ...)
- - angular.js <unfixed> (bug #1126747)
+ - angular.js <not-affected> (vulnerable code introduced later in @angular/compiler and @angular/core)
NOTE: https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6
NOTE: https://github.com/angular/angular/pull/66318
NOTE: https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56 (v21.1.0-rc.0)
@@ -33257,10 +33257,9 @@ CVE-2025-66448 (vLLM is an inference and serving engine for large language model
CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current HTTP req ...)
NOT-FOR-US: fastify-reply-from Fastify plugin
CVE-2025-66412 (Angular is a development platform for building mobile and desktop web ...)
- - angular.js <unfixed> (bug #1126775)
+ - angular.js <not-affected> (vulnerable code introduced later in @angular/compiler)
NOTE: https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
NOTE: https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
- TODO: check, might not impact the 1.x versions of Angular
CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
NOT-FOR-US: gin-vue-admin
CVE-2025-66405 (Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardr ...)
@@ -33995,7 +33994,7 @@ CVE-2025-66040 (Spotipy is a Python library for the Spotify Web API. Prior to ve
NOTE: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm
NOTE: https://github.com/spotipy-dev/spotipy/commit/880b92d7243dcf2b83bf31dc365a858d8b5e6767 (2.25.2)
CVE-2025-66035 (Angular is a development platform for building mobile and desktop web ...)
- - angular.js <unfixed> (bug #1126776)
+ - angular.js <not-affected> (vulnerable code introduced later in package @angular/common)
NOTE: https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
NOTE: https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
NOTE: https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d73215bb7b4a7b83fa4247669f48afc0650e1c9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d73215bb7b4a7b83fa4247669f48afc0650e1c9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260216/f5c90a04/attachment.htm>
More information about the debian-security-tracker-commits
mailing list