Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9ecfa526 by Salvatore Bonaccorso at 2025-12-13T23:57:47+01:00
Add new angular.js issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5904,7 +5904,10 @@ CVE-2025-66448 (vLLM is an inference and serving engine
for large language model
CVE-2025-66415 (fastify-reply-from is a Fastify plugin to forward the current
HTTP req ...)
NOT-FOR-US: fastify-reply-from Fastify plugin
CVE-2025-66412 (Angular is a development platform for building mobile and
desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE:
https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
+ NOTE:
https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
+ TODO: check, might not impact the 1.x versions of Angular
CVE-2025-66410 (Gin-vue-admin is a backstage management system based on vue
and gin. I ...)
NOT-FOR-US: gin-vue-admin
CVE-2025-66405 (Portkey.ai Gateway is a blazing fast AI Gateway with
integrated guardr ...)
@@ -6618,7 +6621,12 @@ CVE-2025-66040 (Spotipy is a Python library for the
Spotify Web API. Prior to ve
NOTE:
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm
NOTE:
https://github.com/spotipy-dev/spotipy/commit/880b92d7243dcf2b83bf31dc365a858d8b5e6767
(2.25.2)
CVE-2025-66035 (Angular is a development platform for building mobile and
desktop web ...)
- TODO: check
+ - angular.js <undetermined>
+ NOTE:
https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
+ NOTE:
https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
+ NOTE:
https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
+ NOTE:
https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
+ TODO: check, might not affect 1.x versions of Angular, code is
significantly diverging
CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of
Transpo ...)
- node-node-forge <removed>
NOTE:
https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27
@@ -41019,7 +41027,9 @@ CVE-2025-50461 (A deserialization vulnerability exists
in Volcengine's verl 3.0.
CVE-2025-50434 (A security issue has been identified in Appian Enterprise
Business Pro ...)
NOT-FOR-US: Appian Enterprise Business Process Management
CVE-2025-4690 (A regular expression used by AngularJS' linky
https://docs.angularjs.o ...)
- TODO: check
+ - angular.js <unfixed>
+ NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-4690
+ NOTE:
https://codepen.io/herodevs/pen/RNNEPzP/751b91eab7730dff277523f3d50e4b77
CVE-2025-4046 (A missing authorization vulnerability in Lexmark Cloud Services
badge ...)
NOT-FOR-US: Lexmark
CVE-2025-4044 (Improper Restriction of XML External Entity Reference in
various Lexma ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ecfa526e3994afbe20ccbaef5c3f73012c39dfa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9ecfa526e3994afbe20ccbaef5c3f73012c39dfa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
