[Git][security-tracker-team/security-tracker][master] Track some new angular.js issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 23 15:32:07 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b328dc8f by Salvatore Bonaccorso at 2026-06-23T16:32:00+02:00
Track some new angular.js issues
The version in Debian is substantially outdated and hard to track which
issue still affects the ancient version. Mark all issues for now
undetermined.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -340,15 +340,30 @@ CVE-2026-54270 (protobufjs compiles protobuf definitions into JavaScript (JS) fu
CVE-2026-54269 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-54268 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-48r7-hpm6-gfxm
+ NOTE: https://github.com/angular/angular/pull/69197
+ NOTE: https://github.com/angular/angular/commit/eeb03f4ea310e2e51ba5d53a421ec7b418e186cd
CVE-2026-54267 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-rgjc-h3x7-9mwg
+ NOTE: https://github.com/angular/angular/pull/69064
+ NOTE: https://github.com/angular/angular/commit/6bde84fa8e6a5770b54040fbbc9bf10d5d0386fa
CVE-2026-54266 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-39pv-4j6c-2g6v
+ NOTE: https://github.com/angular/angular/pull/69153
+ NOTE: https://github.com/angular/angular/commit/5f36274da3f961430ae72865159afa02a1dd9133
CVE-2026-54265 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-58w9-8g37-x9v5
+ NOTE: https://github.com/angular/angular/pull/69107
+ NOTE: https://github.com/angular/angular/commit/3c70270c96677c0dd33585f2afe8e187113e5fb4
CVE-2026-54264 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-qxh6-94w6-9r5p
+ NOTE: https://github.com/angular/angular/pull/69029
+ NOTE: https://github.com/angular/angular/commit/47d68dcb26266316647133ab6385e77fc3e5ae08
CVE-2026-54100 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
NOT-FOR-US: Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
CVE-2026-54099 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
@@ -388,29 +403,47 @@ CVE-2026-53537 (Python-Multipart is a streaming multipart parser for Python. Pri
NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-vffw-93wf-4j4q
NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/3506c15ce99cb62faf2d5ceb3c4c1e5800cb843d (0.0.30)
CVE-2026-52725 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-692r-grfm-v8x7
+ NOTE: https://github.com/angular/angular/pull/68686
+ NOTE: https://github.com/angular/angular/pull/68713
CVE-2026-50557 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-f3m7-gqxr-g87x
+ NOTE: https://github.com/angular/angular/pull/68689
+ NOTE: https://github.com/angular/angular/pull/68868
CVE-2026-50556 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-gxx4-3xcv-f8qx
+ NOTE: https://github.com/angular/angular/issues/68903
CVE-2026-50555 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-hqr9-c56f-3x7
CVE-2026-50269 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
- python-aiohttp 3.14.0-1
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-m6qw-4cw2-hm4m
NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/bf88077ebb14f4c29924b8e8904cba20c55c28b8 (v3.14.0)
CVE-2026-50184 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
+ NOTE: https://github.com/angular/angular/pull/68904
CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich editing ...)
TODO: check
CVE-2026-50171 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
CVE-2026-50170 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-q6f4-qqrg-jv6x
+ NOTE: https://github.com/angular/angular/pull/67964
CVE-2026-50169 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-gv2q-mqqv-365m
+ NOTE: https://github.com/angular/angular/pull/67494
CVE-2026-50168 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-xrxm-cp7j-8xf6
+ NOTE: https://github.com/angular/angular/pull/68928
CVE-2026-50146 (Astro is a web framework. Prior to 6.3.3, when a component uses a clie ...)
NOT-FOR-US: Astro
CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. Prior to 8 ...)
@@ -420,7 +453,9 @@ CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich e
CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-46417 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-rfh7-fxqc-q52v
+ NOTE: https://github.com/angular/angular/pull/68570
CVE-2026-44914 (Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replac ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-44913 (Improper escaping of database table names in the CaptureChangeMySQL Pr ...)
@@ -28868,7 +28903,10 @@ CVE-2026-41491 (Dapr is a portable, event-driven, runtime for building distribut
CVE-2026-41487 (Langfuse is an open source large language model engineering platform. ...)
NOT-FOR-US: Langfuse
CVE-2026-41423 (Angular is a development platform for building mobile and desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE: https://github.com/angular/angular/security/advisories/GHSA-45q2-gjvg-7973
+ NOTE: https://github.com/angular/angular/pull/68194
+ NOTE: https://github.com/angular/angular/commit/ede7c58a2aa13fdccc8f0b67ce93ba1c11749412
CVE-2026-41308 (Password Pusher is an open source application to communicate sensitive ...)
NOT-FOR-US: Password Pusher
CVE-2026-41161 (Sync-in Server is a secure, open-source platform for file storage, sha ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b328dc8f9c60b2820715cd4738677c1b7bbaf139
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/f64c718b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list