{"url":"http://public2.vulnerablecode.io/api/packages/156260?format=json","purl":"pkg:npm/angular@0.0.3","type":"npm","namespace":"","name":"angular","version":"0.0.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10822?format=json","vulnerability_id":"VCID-1nqc-e1g6-e3bf","summary":"Cross-Site Scripting via JSONP\nJSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4"},{"reference_url":"https://www.npmjs.com/advisories/1630","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1630"},{"reference_url":"https://github.com/advisories/GHSA-28hp-fgcr-2r4h","reference_id":"GHSA-28hp-fgcr-2r4h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28hp-fgcr-2r4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23222?format=json","purl":"pkg:npm/angular@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0"}],"aliases":["GHSA-28hp-fgcr-2r4h","GMS-2019-114"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1nqc-e1g6-e3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7959?format=json","vulnerability_id":"VCID-2m5b-zvmc-pygf","summary":"XSS in $sanitize in Safari/Firefox\nBoth Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`.","references":[{"reference_url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#165-toffee-salinization-2017-07-03"},{"reference_url":"https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24200?format=json","purl":"pkg:npm/angular@1.6.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.5"}],"aliases":["GMS-2017-134"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m5b-zvmc-pygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16999?format=json","vulnerability_id":"VCID-6map-62jp-tkgu","summary":"angular vulnerable to regular expression denial of service via the $resource service\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108","reference_id":"2183108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117","reference_id":"CVE-2023-26117","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117"},{"reference_url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx","reference_id":"GHSA-2qqx-w9hr-q5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2023-26117","GHSA-2qqx-w9hr-q5gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7838?format=json","vulnerability_id":"VCID-7p32-5sdx-j3hq","summary":"Denial of service in $sanitize\nRunning $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the \"nextSibling\" property on an element is changed to one of it's child node, this makes it impossible to walk the HTML tree and leads to an infinite loop which freezes the browser.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23892?format=json","purl":"pkg:npm/angular@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3"}],"aliases":["GMS-2017-115"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7p32-5sdx-j3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7530?format=json","vulnerability_id":"VCID-9nuw-8wc1-vkc4","summary":"Bypass CSP protection\nExtension URIs (`resource://...`) bypass ````Content-Security-Policy```` in Chrome and Firefox and can always be loaded. Now if a site already has a XSS bug, and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacked can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5"},{"reference_url":"https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/6ce2913d99bb0dade6027ba9733295d0aa13b242"},{"reference_url":"https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/a649758655843275cc477fb638f8e55f72a4eaa6"},{"reference_url":"https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/ebe90051eda8a3328e5993cca1663e28d03113d0"},{"reference_url":"https://github.com/mozilla/addons-linter/issues/1000","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mozilla/addons-linter/issues/1000"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23221?format=json","purl":"pkg:npm/angular@1.5.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nqc-e1g6-e3bf"},{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.9"},{"url":"http://public2.vulnerablecode.io/api/packages/23223?format=json","purl":"pkg:npm/angular@1.6.0-rc.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nqc-e1g6-e3bf"},{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0-rc.1"},{"url":"http://public2.vulnerablecode.io/api/packages/23222?format=json","purl":"pkg:npm/angular@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.0"}],"aliases":["GMS-2016-73"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nuw-8wc1-vkc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13716?format=json","vulnerability_id":"VCID-cfxn-m6af-2kb8","summary":"Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02253","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02276","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02227","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02236","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02307","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.023","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02344","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373"},{"reference_url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0003","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0003"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805","reference_id":"1088805","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872","reference_id":"2310872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872"},{"reference_url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6","reference_id":"GHSA-mqm9-c95h-x2p6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2024-8373","GHSA-mqm9-c95h-x2p6"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16998?format=json","vulnerability_id":"VCID-cpwp-gasq-kffz","summary":"angular vulnerable to regular expression denial of service via the <input type=\"url\"> element\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=\"url\"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67033","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69803","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69784","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110","reference_id":"2183110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118","reference_id":"CVE-2023-26118","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118"},{"reference_url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr","reference_id":"GHSA-qwqh-hm9m-p5hr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2023-26118","GHSA-qwqh-hm9m-p5hr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7456?format=json","vulnerability_id":"VCID-dj5f-tchs-k3b7","summary":"Code Injection\nThe attribute usemap can be used as a security exploit.","references":[{"reference_url":"https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22852?format=json","purl":"pkg:npm/angular@1.2.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nqc-e1g6-e3bf"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-9nuw-8wc1-vkc4"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-ex2m-smbh-3kgy"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.2.30"},{"url":"http://public2.vulnerablecode.io/api/packages/156304?format=json","purl":"pkg:npm/angular@1.3.0-rc.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nqc-e1g6-e3bf"},{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-9nuw-8wc1-vkc4"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-ex2m-smbh-3kgy"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.3.0-rc.5"}],"aliases":["GMS-2016-48"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj5f-tchs-k3b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8759?format=json","vulnerability_id":"VCID-dxq2-dfym-3fcv","summary":"Cross Site Scripting\nOn Firefox there is a XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor.","references":[{"reference_url":"https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/RetireJS/retire.js/commit/ed3512729af76583b28611a4a1b6a8797d7f074c#diff-8b52b7156debed9dd797400ff51e3e15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26386?format=json","purl":"pkg:npm/angular@1.6.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.9"}],"aliases":["GMS-2018-9"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dxq2-dfym-3fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33315?format=json","vulnerability_id":"VCID-ex2m-smbh-3kgy","summary":"AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes\nVersions of `angular` prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize `xlink:href` attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled.\n\n\n## Recommendation\n\nUpgrade to version 1.5.0-beta.1 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26443","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26647","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26655","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26711","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26828","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26753","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82"},{"reference_url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a"},{"reference_url":"https://github.com/angular/angular.js/pull/12524","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/12524"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863"},{"reference_url":"https://snyk.io/vuln/npm:angular:20150807","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/npm:angular:20150807"},{"reference_url":"https://www.npmjs.com/advisories/1453","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1453"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763589","reference_id":"1763589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833","reference_id":"942833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833"},{"reference_url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c","reference_id":"GHSA-r5fx-8r73-v86c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4069","reference_id":"RHSA-2019:4069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4071","reference_id":"RHSA-2019:4071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4071"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73101?format=json","purl":"pkg:npm/angular@1.5.0-beta.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/157114?format=json","purl":"pkg:npm/angular@1.5.0-beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1nqc-e1g6-e3bf"},{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-7p32-5sdx-j3hq"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-9nuw-8wc1-vkc4"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"},{"vulnerability":"VCID-yjab-2vra-zug8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.5.0-beta.2"}],"aliases":["CVE-2019-14863","GHSA-r5fx-8r73-v86c"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2m-smbh-3kgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25428?format=json","vulnerability_id":"VCID-njvf-2y8u-5kfw","summary":"AngularJS improperly sanitizes SVG elements\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14501","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14688","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14798","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14694","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1475","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716"},{"reference_url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485","reference_id":"1104485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958","reference_id":"2362958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958"},{"reference_url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5","reference_id":"GHSA-j58c-ww9w-pwp5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2025-0716","GHSA-j58c-ww9w-pwp5"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16988?format=json","vulnerability_id":"VCID-qwfu-v1x6-e3ep","summary":"angular vulnerable to regular expression denial of service via the angular.copy() utility\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109","reference_id":"2183109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116","reference_id":"CVE-2023-26116","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116"},{"reference_url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5","reference_id":"GHSA-2vrf-hf26-jrp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2023-26116","GHSA-2vrf-hf26-jrp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33402?format=json","vulnerability_id":"VCID-rcvr-9ews-tfab","summary":"XSS via JQLite DOM manipulation functions in AngularJS\n### Summary\nXSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to `JQLite` methods like `JQLite.prepend`, `JQLite.after`, `JQLite.append`, `JQLite.replaceWith`, `JQLite.append`, `new JQLite` and `angular.element`.\n\n### Description\n\nJQLite (DOM manipulation library that's part of AngularJS) manipulates input HTML before inserting it to the DOM in `jqLiteBuildFragment`.\n\nOne of the modifications performed [expands an XHTML self-closing tag](https://github.com/angular/angular.js/blob/418355f1cf9a9a9827ae81d257966e6acfb5623a/src/jqLite.js#L218).\n\nIf `jqLiteBuildFragment` is called (e.g. via `new JQLite(aString)`) with user-controlled HTML string that was sanitized (e.g. with [DOMPurify](https://github.com/cure53/DOMPurify)), the transformation done by JQLite may modify some forms of an inert, sanitized payload into a payload containing JavaScript - and trigger an XSS when the payload is inserted into DOM.\n\nThis is similar to a bug in jQuery `htmlPrefilter` function that was [fixed in 3.5.0](https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/).\n\n### Proof of concept\n\n```javascript\nconst inertPayload = `<div><style><style/><img src=x onerror=\"alert(1337)\"/>` \n```\nNote that the style element is not closed and `<img` would be a text node inside the style if inserted into the DOM as-is.\nAs such, some HTML sanitizers would leave the `<img` as is without processing it and stripping the `onerror` attribute.\n\n```javascript\nangular.element(document).append(inertPayload);\n```\nThis will alert, as `<style/>` will be replaced with `<style></style>` before adding it to the DOM, closing the style element early and reactivating `img`.\n\n### Patches\nThe issue is patched in `JQLite` bundled with angular 1.8.0. AngularJS users using JQuery should upgrade JQuery to 3.5.0, as a similar vulnerability [affects jQuery <3.5.0](https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2).\n\n### Workarounds\nChanging sanitizer configuration not to allow certain tag grouping (e.g. `<option><style></option>`) or inline style elements may stop certain exploitation vectors, but it's uncertain if all possible exploitation vectors would be covered. Upgrade of AngularJS to 1.8.0 is recommended.\n\n### References\nhttps://github.com/advisories/GHSA-mhp6-pxh8-r675\nhttps://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2\nhttps://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6\nhttps://blog.jquery.com/2020/04/10/jquery-3-5-0-released/\nhttps://snyk.io/vuln/SNYK-JS-ANGULAR-570058","references":[{"reference_url":"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"},{"reference_url":"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"},{"reference_url":"https://github.com/advisories/GHSA-mhp6-pxh8-r675","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhp6-pxh8-r675"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/security-research/security/advisories/GHSA-5cp4-xmrw-59wf"},{"reference_url":"https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"},{"reference_url":"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"reference_url":"https://github.com/advisories/GHSA-5cp4-xmrw-59wf","reference_id":"GHSA-5cp4-xmrw-59wf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cp4-xmrw-59wf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73188?format=json","purl":"pkg:npm/angular@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-tgyd-qy7s-kkew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0"}],"aliases":["GHSA-5cp4-xmrw-59wf","GMS-2020-703"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcvr-9ews-tfab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33817?format=json","vulnerability_id":"VCID-rvrc-5q4c-63bh","summary":"Angular vulnerable to Cross-site Scripting\nangular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping `<option>` elements in `<select>` ones changes parsing behavior, leading to possibly unsanitizing code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7676","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68408","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6837","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68343","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68324","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68304","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6832","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd"},{"reference_url":"https://github.com/angular/angular.js/pull/17028","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/17028"},{"reference_url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7676","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7676"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849206","reference_id":"1849206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5249","reference_id":"RHSA-2020:5249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0417","reference_id":"RHSA-2021:0417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0967","reference_id":"RHSA-2021:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0968","reference_id":"RHSA-2021:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0969","reference_id":"RHSA-2021:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73188?format=json","purl":"pkg:npm/angular@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-tgyd-qy7s-kkew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.8.0"}],"aliases":["CVE-2020-7676","GHSA-mhp6-pxh8-r675"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvrc-5q4c-63bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53896?format=json","vulnerability_id":"VCID-tbpx-hrpt-gkej","summary":"Angular (deprecated package) Cross-site Scripting\nAll versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of `<textarea>` elements.\n\nNPM package [angular](https://www.npmjs.com/package/angular) is deprecated. Those who want to receive security updates should use the actively maintained package [@angular/core](https://www.npmjs.com/package/@angular/core).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25869","reference_id":"","reference_type":"","scores":[{"value":"0.05681","scoring_system":"epss","scoring_elements":"0.9042","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05828","scoring_system":"epss","scoring_elements":"0.90572","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.9183","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91822","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.9181","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91814","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91812","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91809","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91802","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91827","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07519","scoring_system":"epss","scoring_elements":"0.91828","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07708","scoring_system":"epss","scoring_elements":"0.919","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07708","scoring_system":"epss","scoring_elements":"0.91892","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25869"},{"reference_url":"https://glitch.com/edit/%23%21/angular-repro-textarea-xss","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://glitch.com/edit/%23%21/angular-repro-textarea-xss"},{"reference_url":"https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://neverendingsupport.github.io/angularjs-poc-cve-2022-25869"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25869","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25869"},{"reference_url":"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJS-10771617"},{"reference_url":"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-DOTNET-ANGULARJSCORE-6084031"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2949783"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2949784"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949782"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2949781"},{"reference_url":"https://www.npmjs.com/package/angular","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/angular"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362768","reference_id":"2362768","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362768"},{"reference_url":"https://github.com/advisories/GHSA-prc3-vjfx-vhm9","reference_id":"GHSA-prc3-vjfx-vhm9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prc3-vjfx-vhm9"}],"fixed_packages":[],"aliases":["CVE-2022-25869","GHSA-prc3-vjfx-vhm9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbpx-hrpt-gkej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51141?format=json","vulnerability_id":"VCID-xd5a-s1n3-bkhg","summary":"angular Prototype Pollution vulnerability\nVersions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n## Recommendation\n\nUpgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55863","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55854","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55686","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61401","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61449","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62143","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62146","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3"},{"reference_url":"https://github.com/angular/angular.js/pull/16913","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/16913"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813309","reference_id":"1813309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249","reference_id":"945249","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-89mq-4x47-5v83","reference_id":"GHSA-89mq-4x47-5v83","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89mq-4x47-5v83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0417","reference_id":"RHSA-2021:0417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8849","reference_id":"RHSA-2022:8849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8866","reference_id":"RHSA-2022:8866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0274","reference_id":"RHSA-2023:0274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79086?format=json","purl":"pkg:npm/angular@1.7.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-tgyd-qy7s-kkew"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.7.9"}],"aliases":["CVE-2019-10768","GHSA-89mq-4x47-5v83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5a-s1n3-bkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7820?format=json","vulnerability_id":"VCID-yjab-2vra-zug8","summary":"Bypass CSP protection\n, AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered.","references":[{"reference_url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/blob/master/CHANGELOG.md#bug-fixes-5"},{"reference_url":"https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/95f964b827b6f5b5aab10af54f7831316c7a9935"},{"reference_url":"https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/angular/angular.js/commit/c8f78a8ca9debc33a6deaf951f344b8d372bf210"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23892?format=json","purl":"pkg:npm/angular@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1x1p-ye9j-rug4"},{"vulnerability":"VCID-2m5b-zvmc-pygf"},{"vulnerability":"VCID-6map-62jp-tkgu"},{"vulnerability":"VCID-8juz-913g-zfdb"},{"vulnerability":"VCID-cfxn-m6af-2kb8"},{"vulnerability":"VCID-cpwp-gasq-kffz"},{"vulnerability":"VCID-dxq2-dfym-3fcv"},{"vulnerability":"VCID-njvf-2y8u-5kfw"},{"vulnerability":"VCID-qwfu-v1x6-e3ep"},{"vulnerability":"VCID-rcvr-9ews-tfab"},{"vulnerability":"VCID-rvrc-5q4c-63bh"},{"vulnerability":"VCID-tbpx-hrpt-gkej"},{"vulnerability":"VCID-xd5a-s1n3-bkhg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@1.6.3"}],"aliases":["GMS-2017-110"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjab-2vra-zug8"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular@0.0.3"}