Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
Typedeb
Namespacedebian
Nameangular.js
Version1.8.3-1+deb12u1~deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.8.3-1+deb12u1
Latest_non_vulnerable_version1.8.3-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1x1p-ye9j-rug4
vulnerability_id VCID-1x1p-ye9j-rug4
summary 
Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects AngularJS versions 1.3.0-rc.4 and greater.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8372
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03346
published_at 2026-04-21T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03225
published_at 2026-04-18T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03296
published_at 2026-04-04T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03215
published_at 2026-04-16T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.0324
published_at 2026-04-13T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03261
published_at 2026-04-12T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03289
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03331
published_at 2026-04-09T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.0331
published_at 2026-04-08T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03305
published_at 2026-04-07T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03285
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8372
2
reference_url https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/
url https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8372
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8372
7
reference_url https://security.netapp.com/advisory/ntap-20241122-0002
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241122-0002
8
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-8372
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/
url https://www.herodevs.com/vulnerability-directory/cve-2024-8372
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804
reference_id 1088804
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310871
reference_id 2310871
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310871
11
reference_url https://github.com/advisories/GHSA-m9gf-397r-hwpg
reference_id GHSA-m9gf-397r-hwpg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9gf-397r-hwpg
12
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2024-8372, GHSA-m9gf-397r-hwpg
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x1p-ye9j-rug4
1
url VCID-6map-62jp-tkgu
vulnerability_id VCID-6map-62jp-tkgu
summary 
angular vulnerable to regular expression denial of service via the $resource service
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26117
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.5084
published_at 2026-04-13T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.50855
published_at 2026-04-12T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-16T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50836
published_at 2026-04-09T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50781
published_at 2026-04-07T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50824
published_at 2026-04-04T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-02T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54914
published_at 2026-04-18T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54893
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26117
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324
10
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
11
reference_url https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183108
reference_id 2183108
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183108
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26117
reference_id CVE-2023-26117
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26117
15
reference_url https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
reference_id GHSA-2qqx-w9hr-q5gx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qqx-w9hr-q5gx
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
18
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2023-26117, GHSA-2qqx-w9hr-q5gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu
2
url VCID-8juz-913g-zfdb
vulnerability_id VCID-8juz-913g-zfdb
summary 
angular vulnerable to super-linear runtime due to backtracking
This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. 


**Note:**

This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21490
reference_id
reference_type
scores
0
value 0.02246
scoring_system epss
scoring_elements 0.84596
published_at 2026-04-21T12:55:00Z
1
value 0.02246
scoring_system epss
scoring_elements 0.84512
published_at 2026-04-02T12:55:00Z
2
value 0.02246
scoring_system epss
scoring_elements 0.84533
published_at 2026-04-04T12:55:00Z
3
value 0.02246
scoring_system epss
scoring_elements 0.84536
published_at 2026-04-07T12:55:00Z
4
value 0.02246
scoring_system epss
scoring_elements 0.84595
published_at 2026-04-18T12:55:00Z
5
value 0.02246
scoring_system epss
scoring_elements 0.84594
published_at 2026-04-16T12:55:00Z
6
value 0.02246
scoring_system epss
scoring_elements 0.84574
published_at 2026-04-13T12:55:00Z
7
value 0.02246
scoring_system epss
scoring_elements 0.84579
published_at 2026-04-12T12:55:00Z
8
value 0.02246
scoring_system epss
scoring_elements 0.84583
published_at 2026-04-11T12:55:00Z
9
value 0.02246
scoring_system epss
scoring_elements 0.84558
published_at 2026-04-08T12:55:00Z
10
value 0.02246
scoring_system epss
scoring_elements 0.84564
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21490
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-21490
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-21490
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747
9
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
10
reference_url https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/
url https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
11
reference_url https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803
reference_id 1088803
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2263754
reference_id 2263754
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2263754
14
reference_url https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
reference_id GHSA-4w4v-5hc9-xrr2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w4v-5hc9-xrr2
15
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2024-21490, GHSA-4w4v-5hc9-xrr2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8juz-913g-zfdb
3
url VCID-cfxn-m6af-2kb8
vulnerability_id VCID-cfxn-m6af-2kb8
summary 
Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8373
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02329
published_at 2026-04-21T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02236
published_at 2026-04-18T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02227
published_at 2026-04-16T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02247
published_at 2026-04-12T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02258
published_at 2026-04-11T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02276
published_at 2026-04-09T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02254
published_at 2026-04-08T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02253
published_at 2026-04-07T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02245
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.0224
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8373
2
reference_url https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/
url https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8373
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8373
7
reference_url https://security.netapp.com/advisory/ntap-20241122-0003
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241122-0003
8
reference_url https://www.herodevs.com/vulnerability-directory/cve-2024-8373
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/
url https://www.herodevs.com/vulnerability-directory/cve-2024-8373
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
reference_id 1088805
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2310872
reference_id 2310872
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2310872
11
reference_url https://github.com/advisories/GHSA-mqm9-c95h-x2p6
reference_id GHSA-mqm9-c95h-x2p6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mqm9-c95h-x2p6
12
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2024-8373, GHSA-mqm9-c95h-x2p6
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8
4
url VCID-cpwp-gasq-kffz
vulnerability_id VCID-cpwp-gasq-kffz
summary 
angular vulnerable to regular expression denial of service via the <input type="url"> element
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26118
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67031
published_at 2026-04-12T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.67045
published_at 2026-04-11T12:55:00Z
2
value 0.00526
scoring_system epss
scoring_elements 0.67025
published_at 2026-04-09T12:55:00Z
3
value 0.00526
scoring_system epss
scoring_elements 0.67013
published_at 2026-04-08T12:55:00Z
4
value 0.00526
scoring_system epss
scoring_elements 0.66989
published_at 2026-04-04T12:55:00Z
5
value 0.00526
scoring_system epss
scoring_elements 0.66964
published_at 2026-04-07T12:55:00Z
6
value 0.00526
scoring_system epss
scoring_elements 0.67033
published_at 2026-04-16T12:55:00Z
7
value 0.00526
scoring_system epss
scoring_elements 0.67
published_at 2026-04-13T12:55:00Z
8
value 0.0061
scoring_system epss
scoring_elements 0.69803
published_at 2026-04-18T12:55:00Z
9
value 0.0061
scoring_system epss
scoring_elements 0.69784
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26118
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
7
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327
10
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
11
reference_url https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183110
reference_id 2183110
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183110
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26118
reference_id CVE-2023-26118
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26118
15
reference_url https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
reference_id GHSA-qwqh-hm9m-p5hr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwqh-hm9m-p5hr
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
18
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2023-26118, GHSA-qwqh-hm9m-p5hr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz
5
url VCID-njvf-2y8u-5kfw
vulnerability_id VCID-njvf-2y8u-5kfw
summary 
AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0716
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.14655
published_at 2026-04-21T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.14798
published_at 2026-04-02T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.14876
published_at 2026-04-04T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.14677
published_at 2026-04-07T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.14767
published_at 2026-04-08T12:55:00Z
5
value 0.00048
scoring_system epss
scoring_elements 0.14828
published_at 2026-04-09T12:55:00Z
6
value 0.00048
scoring_system epss
scoring_elements 0.14787
published_at 2026-04-11T12:55:00Z
7
value 0.00048
scoring_system epss
scoring_elements 0.1475
published_at 2026-04-12T12:55:00Z
8
value 0.00048
scoring_system epss
scoring_elements 0.14694
published_at 2026-04-13T12:55:00Z
9
value 0.00048
scoring_system epss
scoring_elements 0.14588
published_at 2026-04-16T12:55:00Z
10
value 0.00048
scoring_system epss
scoring_elements 0.14594
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0716
2
reference_url https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/
url https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0716
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0716
7
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-0716
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-0716
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
reference_id 1104485
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2362958
reference_id 2362958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2362958
10
reference_url https://github.com/advisories/GHSA-j58c-ww9w-pwp5
reference_id GHSA-j58c-ww9w-pwp5
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j58c-ww9w-pwp5
11
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2025-0716, GHSA-j58c-ww9w-pwp5
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw
6
url VCID-qwfu-v1x6-e3ep
vulnerability_id VCID-qwfu-v1x6-e3ep
summary 
angular vulnerable to regular expression denial of service via the angular.copy() utility
All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26116
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.50855
published_at 2026-04-12T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.5084
published_at 2026-04-13T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.50878
published_at 2026-04-16T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.50836
published_at 2026-04-09T12:55:00Z
4
value 0.00274
scoring_system epss
scoring_elements 0.50838
published_at 2026-04-08T12:55:00Z
5
value 0.00274
scoring_system epss
scoring_elements 0.50781
published_at 2026-04-07T12:55:00Z
6
value 0.00274
scoring_system epss
scoring_elements 0.50824
published_at 2026-04-04T12:55:00Z
7
value 0.00274
scoring_system epss
scoring_elements 0.50799
published_at 2026-04-02T12:55:00Z
8
value 0.00318
scoring_system epss
scoring_elements 0.54893
published_at 2026-04-21T12:55:00Z
9
value 0.00318
scoring_system epss
scoring_elements 0.54914
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26116
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
5
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
8
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320
9
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322
10
reference_url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321
11
reference_url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
12
reference_url https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
reference_id 1036694
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2183109
reference_id 2183109
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2183109
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26116
reference_id CVE-2023-26116
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26116
16
reference_url https://github.com/advisories/GHSA-2vrf-hf26-jrp5
reference_id GHSA-2vrf-hf26-jrp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2vrf-hf26-jrp5
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
reference_id OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
reference_id UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/
19
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2023-26116, GHSA-2vrf-hf26-jrp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep
7
url VCID-s1yh-7m2a-y3g3
vulnerability_id VCID-s1yh-7m2a-y3g3
summary 
AngularJS Incomplete Filtering of Special Elements vulnerability
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.

This issue affects AngularJS versions greater than or equal to 1.3.1.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2336
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41961
published_at 2026-04-18T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-21T12:55:00Z
2
value 0.0023
scoring_system epss
scoring_elements 0.45762
published_at 2026-04-02T12:55:00Z
3
value 0.0023
scoring_system epss
scoring_elements 0.45783
published_at 2026-04-13T12:55:00Z
4
value 0.0023
scoring_system epss
scoring_elements 0.45732
published_at 2026-04-07T12:55:00Z
5
value 0.0023
scoring_system epss
scoring_elements 0.45789
published_at 2026-04-08T12:55:00Z
6
value 0.0023
scoring_system epss
scoring_elements 0.45786
published_at 2026-04-09T12:55:00Z
7
value 0.0023
scoring_system epss
scoring_elements 0.45808
published_at 2026-04-11T12:55:00Z
8
value 0.0023
scoring_system epss
scoring_elements 0.45778
published_at 2026-04-12T12:55:00Z
9
value 0.0023
scoring_system epss
scoring_elements 0.45833
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2336
1
reference_url https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/
url https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2336
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2336
6
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-2336
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/
url https://www.herodevs.com/vulnerability-directory/cve-2025-2336
7
reference_url https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519
reference_id 1107519
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519
9
reference_url https://github.com/advisories/GHSA-4p4w-6hg8-63wx
reference_id GHSA-4p4w-6hg8-63wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p4w-6hg8-63wx
10
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2025-2336, GHSA-4p4w-6hg8-63wx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1yh-7m2a-y3g3
8
url VCID-tgyd-qy7s-kkew
vulnerability_id VCID-tgyd-qy7s-kkew
summary 
angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.

**Note:**
1. This package has been deprecated and is no longer maintained.
2. The vulnerable versions are 1.7.0 and higher.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25844
reference_id
reference_type
scores
0
value 0.01924
scoring_system epss
scoring_elements 0.83403
published_at 2026-04-21T12:55:00Z
1
value 0.01924
scoring_system epss
scoring_elements 0.83402
published_at 2026-04-18T12:55:00Z
2
value 0.01924
scoring_system epss
scoring_elements 0.83401
published_at 2026-04-16T12:55:00Z
3
value 0.01924
scoring_system epss
scoring_elements 0.83365
published_at 2026-04-13T12:55:00Z
4
value 0.01924
scoring_system epss
scoring_elements 0.8337
published_at 2026-04-12T12:55:00Z
5
value 0.01924
scoring_system epss
scoring_elements 0.83327
published_at 2026-04-07T12:55:00Z
6
value 0.01924
scoring_system epss
scoring_elements 0.83311
published_at 2026-04-02T12:55:00Z
7
value 0.01924
scoring_system epss
scoring_elements 0.83376
published_at 2026-04-11T12:55:00Z
8
value 0.01924
scoring_system epss
scoring_elements 0.83361
published_at 2026-04-09T12:55:00Z
9
value 0.01924
scoring_system epss
scoring_elements 0.83351
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25844
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844
3
reference_url https://github.com/angular/angular.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/angular/angular.js
4
reference_url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO
9
reference_url https://security.netapp.com/advisory/ntap-20220629-0009
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220629-0009
10
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736
11
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738
12
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737
13
reference_url https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
14
reference_url https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://stackblitz.com/edit/angularjs-material-blank-zvtdvb
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779
reference_id 1014779
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2080945
reference_id 2080945
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2080945
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25844
reference_id CVE-2022-25844
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25844
18
reference_url https://github.com/advisories/GHSA-m2h2-264f-f486
reference_id GHSA-m2h2-264f-f486
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2h2-264f-f486
19
reference_url https://usn.ubuntu.com/7958-1/
reference_id USN-7958-1
reference_type
scores
url https://usn.ubuntu.com/7958-1/
fixed_packages
0
url pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie
1
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie
2
url pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie
4
url pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
purl pkg:deb/debian/angular.js@1.8.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie
aliases CVE-2022-25844, GHSA-m2h2-264f-f486
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyd-qy7s-kkew
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie