Skip to content

CVE-2025-68121 @angular/build@20 uses a vulnerable version of "esbuild" - "0.25.9" #32975

Open
Open
CVE-2025-68121 @angular/build@20 uses a vulnerable version of "esbuild" - "0.25.9"#32975
Labels
area: @angular/buildgemini-triagedLabel noting that an issue has been triaged by geminiseverity6: security
@lukasmatta

Description

@lukasmatta
lukasmatta
opened on Apr 9, 2026

Security scanners are reporting prebuilt esbuild binaries for versions < 0.27.3 as vulnerable. For example:

https://secure.software/npm/packages/@esbuild/linux-x64/vulnerabilities/0.25.9

@angular/build@20 depends on esbuild@0.25.9.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: @angular/buildgemini-triagedLabel noting that an issue has been triaged by geminiseverity6: security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions