Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package angular, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2024-21490 — CVSS 7.5 (high): This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split…
CVE-2019-10768 — CVSS 7.5 (high): In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a…
CVE-2019-14863 — CVSS 6.1 (medium): There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web…
CVE-2020-7676 — CVSS 5.4 (medium): angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one…
CVE-2023-26117 — CVSS 5.3 (medium): Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to…
CVE-2022-25844 — CVSS 5.3 (medium): The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes…
CVE-2023-26116 — CVSS 5.3 (medium): Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility…
CVE-2023-26118 — CVSS 5.3 (medium): Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url">…
CVE-2024-8372 — CVSS 4.8 (medium): Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions…
CVE-2024-8373 — CVSS 4.8 (medium): Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image…
CVE-2025-0716 — CVSS 4.8 (medium): Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to…
CVE-2022-25869 — CVSS 4.2 (medium): All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to…