protobufjs : Schema-derived names can shadow runtime-significant properties
@angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker
@angular/common: Denial of Service (DoS) via OOM in Date Formatting (formatDate)
@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning
@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)
Angular: Template and Attribute Namespace Sanitization Bypass (XSS)
@angular/platform-server: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR
@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)
launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
vite: `server.fs.deny` bypass on Windows alternate paths
JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
@babel/core: Arbitrary File Read via sourceMappingURL Comment
@angular/service-worker: Request Credential & Cache Policy Stripping
@angular/common: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)
@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache
@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)
Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes
Angular Service Worker Policy-Bypass & Credential-Stripping Vulnerabilities
@angular/platform-server: URL Parser Differential leading to SSRF Allowlist Bypass