Company
Date Published
Author
Liran Tal
Word count
999
Language
English
Hacker News points
None

Summary

The State of JavaScript frameworks security report 2019 by Snyk examines the security vulnerabilities found in the core Angular and React projects. The report reveals that Angular v1.x, although long superseded, still accounts for a significant share of usage: 28% of all Angular downloads across all versions. This underlines the need to track security vulnerabilities in open-source components, including their older release lines, so that identified issues are addressed quickly instead of eroding a company's security posture over time. The report also notes that many Angular v1.x vulnerabilities have no CVE identifier, so analysts who rely on CVE feeds alone will not see them; by contrast, Snyk's vulnerability database covers Angular 1.x comprehensively and links developers to the fix PRs. React's core modules, react and react-dom, have likewise had XSS vulnerabilities, which remain present in older, unpatched versions. The report emphasises the importance of staying up to date with security fixes and upgrading open-source components as early as possible to avoid unnecessary exposure. It additionally highlights Preact, a lightweight and faster React alternative, which has a medium-severity vulnerability affecting the 10.0.0 pre-release branch versions published in March and April 2019. Overall, the report underscores the need for developers to treat security as a priority in their projects, using tools such as Snyk's vulnerability database to find and fix vulnerable dependencies.