{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22610", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-07T21:50:39.534Z", "datePublished": "2026-01-10T03:35:40.727Z", "dateUpdated": "2026-02-26T15:04:50.480Z"}, "containers": {"cna": {"title": "Angular has XSS Vulnerability via Unsanitized SVG Script Attributes", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6"}, {"name": "https://github.com/angular/angular/pull/66318", "tags": ["x_refsource_MISC"], "url": "https://github.com/angular/angular/pull/66318"}, {"name": "https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56", "tags": ["x_refsource_MISC"], "url": "https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56"}], "affected": [{"vendor": "angular", "product": "angular", "versions": [{"version": ">= 21.1.0-next.0, < 21.1.0-rc.0", "status": "affected"}, {"version": ">= 21.0.0-next.0, < 21.0.7", "status": "affected"}, {"version": ">= 20.0.0-next.0, < 20.3.16", "status": "affected"}, {"version": "< 19.2.18", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T03:35:40.727Z"}, "descriptions": [{"lang": "en", "value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0."}], "source": {"advisory": "GHSA-jrmj-c5cx-3cw6", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T04:55:49.721211Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:50.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-12T17:29:54.576393Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T17:29:57.792Z"}}], "cna": {"title": "Angular has XSS Vulnerability via Unsanitized SVG Script Attributes", "source": {"advisory": "GHSA-jrmj-c5cx-3cw6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "angular", "product": "angular", "versions": [{"status": "affected", "version": ">= 21.1.0-next.0, < 21.1.0-rc.0"}, {"status": "affected", "version": ">= 21.0.0-next.0, < 21.0.7"}, {"status": "affected", "version": ">= 20.0.0-next.0, < 20.3.16"}, {"status": "affected", "version": "< 19.2.18"}]}], "references": [{"url": "https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6", "name": "https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/angular/angular/pull/66318", "name": "https://github.com/angular/angular/pull/66318", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56", "name": "https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-10T03:35:40.727Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22610", "state": "PUBLISHED", "dateUpdated": "2026-01-13T04:55:48.905Z", "dateReserved": "2026-01-07T21:50:39.534Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-10T03:35:40.727Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "B0857B9D-DDD4-42CC-B026-AF3B4081BD14", "versionEndIncluding": "18.2.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "2A2B3B64-F5DE-4BC8-9008-4B4806233444", "versionEndExcluding": "19.2.18", "versionStartIncluding": "19.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "ADFC80EA-C757-4936-9F51-1157F276607A", "versionEndExcluding": "20.3.16", "versionStartIncluding": "20.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "13247BE7-FE79-4BE6-B3D3-D2A52463A44F", "versionEndExcluding": "21.0.7", "versionStartIncluding": "21.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:21.1.0:next0:*:*:*:node.js:*:*", "matchCriteriaId": "92792D0C-2057-4433-A3FA-17AB195D8262", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:21.1.0:next1:*:*:*:node.js:*:*", "matchCriteriaId": "145F7287-BCAF-4546-BE0B-FDCDEBE742DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:21.1.0:next2:*:*:*:node.js:*:*", "matchCriteriaId": "52AADB8A-BCAC-4256-B229-4896E33AB0CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:21.1.0:next3:*:*:*:node.js:*:*", "matchCriteriaId": "91F13178-61B4-4A0F-AF9D-F1A87A0C6D59", "vulnerable": true}, {"criteria": "cpe:2.3:a:angular:angular:21.1.0:next4:*:*:*:node.js:*:*", "matchCriteriaId": "7A61420F-F0D6-4FB1-8600-BD3DD46E2283", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0."}], "id": "CVE-2026-22610", "lastModified": "2026-02-23T18:23:55.623", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-10T04:16:01.517", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/angular/angular/pull/66318"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory", "Mitigation"], "url": "https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "angular: Angular: Cross-site scripting vulnerability in Template Compiler", "id": "2428424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428424"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular\u2019s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0."], "name": "CVE-2026-22610", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/elasticsearch6-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/elasticsearch-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/elasticsearch-proxy-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/elasticsearch-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/logging-curator5-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/acm-grafana-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.hawt-hawtio-integration", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.hawt-hawtio-online", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Affected", "package_name": "qpid-dispatch", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Affected", "package_name": "org.keycloak-keycloak-parent", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2026-01-10T03:35:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-22610\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22610\nhttps://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56\nhttps://github.com/angular/angular/pull/66318\nhttps://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6"], "statement": "This vulnerability is rated Moderate for Red Hat products. A cross-site scripting (XSS) flaw in the Angular Template Compiler allows an attacker to inject malicious scripts into web pages. This affects several Red Hat products, including Red Hat Enterprise Application Platform, Red Hat JBoss Fuse, Red Hat OpenStack Platform, Red Hat Quay, Red Hat Advanced Cluster Management for Kubernetes, and Red Hat Single Sign-On. Certain components within Red Hat Enterprise Linux and Community Projects are either not affected or will not be fixed.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T19:16:26.461300+00:00", "value": {"mitigation_remediation": ["Upgrade Angular to version 19.2.18, 20.3.16, 21.0.7, 21.1.0\u2011rc.0, or any newer release that includes the template\u2011compiler fix.", "If an immediate upgrade is not possible, inspect application code for SVG <script> tags, and remove or encode href and xlink:href attributes before rendering, or apply Angular\u2019s DomSanitizer utilities to sanitize the content.", "Deploy a strict Content Security Policy that blocks inline scripts and restricts script sources to trusted origins, adding an extra layer of protection while the underlying framework is updated."], "summary": {"action": "Patch Immediately", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Angular versions earlier than 19.2.18, 20.3.16, 21.0.7, and 21.1.0\u2011rc.0. Applications built with any of those releases are at risk until the framework is updated to a patched version. The issue is independent of the underlying Node.js version, as the associated CPE strings show Angular as the primary component.", "description_and_impact": "Angular\u2019s Template Compiler misclassifies the href and xlink:href attributes of SVG <script> elements as unrestricted URLs. As a result, a malicious SVG file can embed arbitrary script code that will execute within the context of the page rendered by Angular. This flaw constitutes a classic script\u2011execution vulnerability, reflected by its assignment to CWE\u201179.", "risk_and_exploitability": "The CVSS score of 8.5 indicates high severity, while the EPSS score of less than 1\u202f% suggests a very low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitability requires an attacker to supply a malicious SVG file that Angular renders; based on the description, it is inferred that the attacker would need to deliver such SVG content, typically through user\u2011supplied input or injection into a page that the application renders."}}}}, "created": "2026-01-12T14:36:37.376937+00:00", "updated": "2026-04-18T19:30:08.952100+00:00", "vendors": ["angular", "angular$PRODUCT$angular"]}