Addressing security vulnerabilities

Sometimes you will be notified about security vulnerabilities in certain packages through blogs, or, if you're using GitHub, you may notice a warning like this on your repository:

GitHub.com Vulnerability Scan

This is a specific issue that arose when my Angular application was on version 5.0.0 and my CLI version was on 1.5.0. If you review this dependency, you can see the dependent packages and get more detail on the issue.

GitHub.com Security Bulletin

In this case, the vulnerable version of handlebars, 1.3.0, is being pulled in by one of the Angular 5.0 packages.

Further research on Angular's GitHub issues reveals that the issue is actually caused by @angular/cli version 1.5.0. The reference is https://github.com/angular/angular/issues/20654.

The fix was to try an update to the latest minor version of Angular, Material or CLI, which in this case is version 5.1.0 and 1.6.0:

$ npm install @angular/animations@^5.1.0 @angular/common@^5.1.0 @angular/compiler@^5.1.0 @angular/compiler-cli@^5.1.0 @angular/core@^5.1.0 @angular/forms@^5.1.0 @angular/http@^5.1.0 @angular/platform-browser@^5.1.0 @angular/platform-browser-dynamic@^5.1.0 @angular/platform-server@^5.1.0 @angular/router@^5.1.0 @angular/language-service@^5.1.0 @angular/cli@^1.6.0

This update resolved the security warning displayed by GitHub. If you are not able to resolve your issue by upgrading, create a new issue on GitHub and keep tabs on upcoming patch or minor releases of Angular until the issue is resolved.
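
To see which direct dependency pulls in a flagged transitive package, as with handlebars 1.3.0 above, you can walk the tree that `npm ls --json` prints. The following is an added example, not code from the book; the sample tree is constructed, and the intermediate package names and the helper names findChains and directCulprits are hypothetical.

```javascript
// Constructed sample in the shape of `npm ls --json` output. Only
// @angular/cli 1.5.0 and handlebars 1.3.0 come from the text; the
// intermediate package names and other versions are hypothetical.
const sampleTree = {
  name: 'my-app',
  version: '0.0.0',
  dependencies: {
    '@angular/core': { version: '5.0.0' },
    '@angular/cli': {
      version: '1.5.0',
      dependencies: {
        'hypothetical-intermediate': {
          version: '1.0.0',
          dependencies: { handlebars: { version: '1.3.0' } }
        },
        // A second copy at a non-flagged version must not be reported.
        'another-hypothetical': {
          version: '2.0.0',
          dependencies: { handlebars: { version: '9.9.9' } }
        }
      }
    }
  }
};

// Return every dependency chain (root to leaf) ending at a flagged version.
function findChains(node, targetName, flaggedVersions, trail = []) {
  const chains = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = trail.concat(`${name}@${dep.version || 'unknown'}`);
    if (name === targetName && flaggedVersions.includes(dep.version)) {
      chains.push(here);
    }
    chains.push(...findChains(dep, targetName, flaggedVersions, here));
  }
  return chains;
}

// The first element of each chain is the direct dependency to upgrade.
function directCulprits(tree, targetName, flaggedVersions) {
  const heads = findChains(tree, targetName, flaggedVersions).map(c => c[0]);
  return [...new Set(heads)];
}

for (const chain of findChains(sampleTree, 'handlebars', ['1.3.0'])) {
  console.log(chain.join(' > '));
}
```

On a real project, save the output of `npm ls --json` to a file, parse it with `JSON.parse`, and pass the result in place of `sampleTree`.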
