{"url":"http://public2.vulnerablecode.io/api/packages/452831?format=json","purl":"pkg:npm/angular-expressions@0.2.1","type":"npm","namespace":"","name":"angular-expressions","version":"0.2.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.5.2","latest_non_vulnerable_version":"1.5.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204406?format=json","vulnerability_id":"VCID-ck1a-8u37-mqh8","summary":"Remote Code Execution in Angular Expressions","references":[{"reference_url":"http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5219","reference_id":"","reference_type":"","scores":[{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66295","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66281","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66292","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00494","scoring_system":"epss","scoring_elements":"0.66187","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5219"},{"reference_url":"https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5219","reference_id":"CVE-2020-5219","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-5219"},{"reference_url":"https://github.com/advisories/GHSA-hxhm-96pp-2m43","reference_id":"GHSA-hxhm-96pp-2m43","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxhm-96pp-2m43"},{"reference_url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43","reference_id":"GHSA-hxhm-96pp-2m43","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16010?format=json","purl":"pkg:npm/angular-expressions@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deka-a83m-yfds"},{"vulnerability":"VCID-kqzf-6j7u-akf6"},{"vulnerability":"VCID-wv5e-d2qr-4baa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-expressions@1.0.1"}],"aliases":["CVE-2020-5219","GHSA-hxhm-96pp-2m43"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ck1a-8u37-mqh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68004?format=json","vulnerability_id":"VCID-deka-a83m-yfds","summary":"Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44643","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28539","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30322","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30323","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.3034","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-44643"},{"reference_url":"https://github.com/peerigon/angular-expressions","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44643","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44643"},{"reference_url":"https://github.com/advisories/GHSA-pw8r-6689-xvf4","reference_id":"GHSA-pw8r-6689-xvf4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw8r-6689-xvf4"},{"reference_url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4","reference_id":"GHSA-pw8r-6689-xvf4","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-11T16:20:41Z/"}],"url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-pw8r-6689-xvf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375937?format=json","purl":"pkg:npm/angular-expressions@1.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-expressions@1.5.2"}],"aliases":["CVE-2026-44643","GHSA-pw8r-6689-xvf4"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deka-a83m-yfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/334215?format=json","vulnerability_id":"VCID-kqzf-6j7u-akf6","summary":"","references":[{"reference_url":"http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21277","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.5542","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55541","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55556","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55543","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21277"},{"reference_url":"https://github.com/peerigon/angular-expressions/commit/07edb62902b1f6127b3dcc013da61c6316dd0bf1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions/commit/07edb62902b1f6127b3dcc013da61c6316dd0bf1"},{"reference_url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-j6px-jwvv-vpwq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-j6px-jwvv-vpwq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21277","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21277"},{"reference_url":"https://www.npmjs.com/package/angular-expressions","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/package/angular-expressions"},{"reference_url":"https://github.com/advisories/GHSA-j6px-jwvv-vpwq","reference_id":"GHSA-j6px-jwvv-vpwq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6px-jwvv-vpwq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382790?format=json","purl":"pkg:npm/angular-expressions@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deka-a83m-yfds"},{"vulnerability":"VCID-wv5e-d2qr-4baa"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-expressions@1.1.2"}],"aliases":["CVE-2021-21277","GHSA-j6px-jwvv-vpwq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kqzf-6j7u-akf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31144?format=json","vulnerability_id":"VCID-wv5e-d2qr-4baa","summary":"Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to Arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available. One may either disable access to `__proto__` globally or make sure that one uses the function with just one argument.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54152","reference_id":"","reference_type":"","scores":[{"value":"0.30315","scoring_system":"epss","scoring_elements":"0.96803","published_at":"2026-06-11T12:55:00Z"},{"value":"0.30315","scoring_system":"epss","scoring_elements":"0.96815","published_at":"2026-06-14T12:55:00Z"},{"value":"0.30315","scoring_system":"epss","scoring_elements":"0.96814","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54152"},{"reference_url":"https://github.com/peerigon/angular-expressions","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/peerigon/angular-expressions"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54152","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54152"},{"reference_url":"https://github.com/peerigon/angular-expressions/commit/97f7ad94006156eeb97fc942332578b6cfbf8eef","reference_id":"97f7ad94006156eeb97fc942332578b6cfbf8eef","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-10T16:34:41Z/"}],"url":"https://github.com/peerigon/angular-expressions/commit/97f7ad94006156eeb97fc942332578b6cfbf8eef"},{"reference_url":"https://github.com/advisories/GHSA-5462-4vcx-jh7j","reference_id":"GHSA-5462-4vcx-jh7j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5462-4vcx-jh7j"},{"reference_url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-5462-4vcx-jh7j","reference_id":"GHSA-5462-4vcx-jh7j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-10T16:34:41Z/"}],"url":"https://github.com/peerigon/angular-expressions/security/advisories/GHSA-5462-4vcx-jh7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372490?format=json","purl":"pkg:npm/angular-expressions@1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deka-a83m-yfds"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-expressions@1.4.3"}],"aliases":["CVE-2024-54152","GHSA-5462-4vcx-jh7j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv5e-d2qr-4baa"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-expressions@0.2.1"}