Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40angular/compiler@20.0.4
Typenpm
Namespace@angular
Namecompiler
Version20.0.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version20.3.18
Latest_non_vulnerable_version22.0.0-next.3
Affected_by_vulnerabilities
0
url VCID-93fn-y2c4-2bbc
vulnerability_id VCID-93fn-y2c4-2bbc
summary Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs when the application uses a security-sensitive attribute (for example href on an anchor tag) together with Angular's ability to internationalize attributes. Enabling internationalization for the sensitive attribute by adding i18n-<attribute> name bypasses Angular's built-in sanitization mechanism, which when combined with a data binding to untrusted user-generated data can allow an attacker to inject a malicious script. This vulnerability is fixed in 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32635.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32635.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32635
reference_id
reference_type
scores
0
value 0.00054
scoring_system epss
scoring_elements 0.17141
published_at 2026-06-11T12:55:00Z
1
value 0.00054
scoring_system epss
scoring_elements 0.17292
published_at 2026-06-14T12:55:00Z
2
value 0.00054
scoring_system epss
scoring_elements 0.17319
published_at 2026-06-13T12:55:00Z
3
value 0.00054
scoring_system epss
scoring_elements 0.17304
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32635
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32635
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32635
3
reference_url https://github.com/angular/angular
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular
4
reference_url https://github.com/angular/angular/commit/224e60ecb1b90115baa702f1c06edc1d64d86187
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular/commit/224e60ecb1b90115baa702f1c06edc1d64d86187
5
reference_url https://github.com/angular/angular/commit/78dea55351fb305b33a919c43a6b363137eca166
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular/commit/78dea55351fb305b33a919c43a6b363137eca166
6
reference_url https://github.com/angular/angular/commit/8630319f74c9575a21693d875cc7d5252516146d
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular/commit/8630319f74c9575a21693d875cc7d5252516146d
7
reference_url https://github.com/angular/angular/commit/ed2d324f9cc12aab6cfa0569ef10b73243a62c65
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular/commit/ed2d324f9cc12aab6cfa0569ef10b73243a62c65
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32635
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32635
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447515
reference_id 2447515
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447515
10
reference_url https://github.com/angular/angular/pull/67541
reference_id 67541
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T15:29:00Z/
url https://github.com/angular/angular/pull/67541
11
reference_url https://github.com/angular/angular/pull/67561
reference_id 67561
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T15:29:00Z/
url https://github.com/angular/angular/pull/67561
12
reference_url https://github.com/advisories/GHSA-g93w-mfhg-p222
reference_id GHSA-g93w-mfhg-p222
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g93w-mfhg-p222
13
reference_url https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222
reference_id GHSA-g93w-mfhg-p222
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-16T15:29:00Z/
url https://github.com/angular/angular/security/advisories/GHSA-g93w-mfhg-p222
fixed_packages
0
url pkg:npm/%40angular/compiler@20.3.18
purl pkg:npm/%40angular/compiler@20.3.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@20.3.18
1
url pkg:npm/%40angular/compiler@21.2.4
purl pkg:npm/%40angular/compiler@21.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@21.2.4
2
url pkg:npm/%40angular/compiler@22.0.0-next.3
purl pkg:npm/%40angular/compiler@22.0.0-next.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@22.0.0-next.3
aliases CVE-2026-32635, GHSA-g93w-mfhg-p222
risk_score 4.0
exploitability 0.5
weighted_severity 8.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93fn-y2c4-2bbc
1
url VCID-jwak-mgk4-9ygp
vulnerability_id VCID-jwak-mgk4-9ygp
summary Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66412.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66412.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66412
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08146
published_at 2026-06-11T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.0818
published_at 2026-06-14T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08181
published_at 2026-06-13T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.08185
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66412
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-485750.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-485750.html
3
reference_url https://github.com/angular/angular
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular
4
reference_url https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
reference_id 1c6b0704fb63d051fab8acff84d076abfbc4893a
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:12:58Z/
url https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418155
reference_id 2418155
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418155
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66412
reference_id CVE-2025-66412
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66412
7
reference_url https://github.com/advisories/GHSA-v4hv-rgfq-gp49
reference_id GHSA-v4hv-rgfq-gp49
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v4hv-rgfq-gp49
8
reference_url https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
reference_id GHSA-v4hv-rgfq-gp49
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:12:58Z/
url https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
fixed_packages
0
url pkg:npm/%40angular/compiler@20.3.15
purl pkg:npm/%40angular/compiler@20.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93fn-y2c4-2bbc
1
vulnerability VCID-kf8e-gfn4-s3gb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@20.3.15
1
url pkg:npm/%40angular/compiler@21.0.2
purl pkg:npm/%40angular/compiler@21.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93fn-y2c4-2bbc
1
vulnerability VCID-kf8e-gfn4-s3gb
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@21.0.2
aliases CVE-2025-66412, GHSA-v4hv-rgfq-gp49
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwak-mgk4-9ygp
2
url VCID-kf8e-gfn4-s3gb
vulnerability_id VCID-kf8e-gfn4-s3gb
summary Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22610.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22610.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22610
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01131
published_at 2026-06-13T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01134
published_at 2026-06-14T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01125
published_at 2026-06-11T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01124
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22610
2
reference_url https://cert-portal.siemens.com/productcert/html/ssa-485750.html
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/html/ssa-485750.html
3
reference_url https://github.com/angular/angular
reference_id
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428424
reference_id 2428424
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428424
5
reference_url https://github.com/angular/angular/pull/66318
reference_id 66318
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T04:55:49Z/
url https://github.com/angular/angular/pull/66318
6
reference_url https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56
reference_id 91dc91bae4a1bbefc58bef6ef739d0e02ab44d56
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T04:55:49Z/
url https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22610
reference_id CVE-2026-22610
reference_type
scores
0
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22610
8
reference_url https://github.com/advisories/GHSA-jrmj-c5cx-3cw6
reference_id GHSA-jrmj-c5cx-3cw6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jrmj-c5cx-3cw6
9
reference_url https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6
reference_id GHSA-jrmj-c5cx-3cw6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-13T04:55:49Z/
url https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6
fixed_packages
0
url pkg:npm/%40angular/compiler@20.3.16
purl pkg:npm/%40angular/compiler@20.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93fn-y2c4-2bbc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@20.3.16
1
url pkg:npm/%40angular/compiler@21.0.7
purl pkg:npm/%40angular/compiler@21.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93fn-y2c4-2bbc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@21.0.7
2
url pkg:npm/%40angular/compiler@21.1.0-rc.0
purl pkg:npm/%40angular/compiler@21.1.0-rc.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-93fn-y2c4-2bbc
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@21.1.0-rc.0
aliases CVE-2026-22610, GHSA-jrmj-c5cx-3cw6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kf8e-gfn4-s3gb
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540angular/compiler@20.0.4