Every CVE whose affected-product data names Angularjs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2026-50168 — CVSS 8.2 (high): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2019-10768 — CVSS 7.5 (high): In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a…
CVE-2026-50170 — CVSS 7.5 (high): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-54268 — CVSS 7.5 (high): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-50555 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-50557 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-52725 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-54264 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-50556 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-54266 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-54265 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-46417 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2019-14863 — CVSS 6.1 (medium): There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web…
CVE-2026-50169 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-54267 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-50171 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2026-50184 — CVSS 6.1 (medium): Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior…
CVE-2020-7676 — CVSS 5.4 (medium): angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one…
CVE-2022-25844 — CVSS 5.3 (medium): The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes…
CVE-2023-26116 — CVSS 5.3 (medium): Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility…
CVE-2023-26117 — CVSS 5.3 (medium): Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to…
CVE-2023-26118 — CVSS 5.3 (medium): Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url">…
CVE-2024-8373 — CVSS 4.8 (medium): Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image…
CVE-2024-8372 — CVSS 4.8 (medium): Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions…
CVE-2022-25869 — CVSS 4.2 (medium): All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to…
CVE-2021-4231 — CVSS 3.5 (low): A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of…