{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","type":"deb","namespace":"debian","name":"angular.js","version":"1.8.2-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.8.3-1+deb12u1~deb11u1","latest_non_vulnerable_version":"1.8.3-3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13713?format=json","vulnerability_id":"VCID-1x1p-ye9j-rug4","summary":"Improper sanitization of the value of the `[srcset]` attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects AngularJS versions 1.3.0-rc.4 and greater.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03296","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03225","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03215","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03261","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03289","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0331","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03285","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03305","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0338","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03336","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03346","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0461","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0456","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04529","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04604","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04603","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04599","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8372"},{"reference_url":"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/"}],"url":"https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8372"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8372"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0002","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0002"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8372","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:06:37Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804","reference_id":"1088804","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088804"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310871","reference_id":"2310871","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310871"},{"reference_url":"https://github.com/advisories/GHSA-m9gf-397r-hwpg","reference_id":"GHSA-m9gf-397r-hwpg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m9gf-397r-hwpg"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2024-8372","GHSA-m9gf-397r-hwpg"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1x1p-ye9j-rug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23697?format=json","vulnerability_id":"VCID-3mrw-2h7j-zfdv","summary":"Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes\nA **Stored Cross-Site Scripting ([XSS](https://angular.dev/best-practices/security#preventing-cross-site-scripting-xss))** vulnerability has been identified in the **Angular Template Compiler**. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain [`javascript:` URLs](https://developer.mozilla.org/en-US/Web/URI/Reference/Schemes/javascript)) as requiring strict URL security, enabling the injection of malicious scripts.\n\nAdditionally, a related vulnerability exists involving SVG animation elements (`<animate>`, `<set>`, `<animateMotion>`, `<animateTransform>`). The `attributeName` attribute on these elements was not properly validated, allowing attackers to dynamically target security-sensitive attributes like `href` or `xlink:href` on other elements. By binding `attributeName` to \"href\" and providing a `javascript:` URL in the `values` or `to` attribute, an attacker could bypass sanitization and execute arbitrary code.\n\nAttributes confirmed to be vulnerable include:\n*   SVG-related attributes: (e.g., `xlink:href`), and various MathML attributes (e.g., `math|href`, `annotation|href`).\n*   SVG animation `attributeName` attribute when bound to \"href\" or \"xlink:href\".\n\nWhen template binding is used to assign untrusted, user-controlled data to these attributes (e.g., `[attr.xlink:href]=\"maliciousURL\"` or `<animate [attributeName]=\"'href'\" [values]=\"maliciousURL\">`), the compiler incorrectly falls back to a non-sanitizing context or fails to block the dangerous attribute assignment. This allows an attacker to inject a `javascript:URL` payload. Upon user interaction (like a click) on the element, or automatically in the case of animations, the malicious JavaScript executes in the context of the application's origin.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66412.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66412.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66412","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05543","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05499","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05733","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06734","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06702","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06687","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16248","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16301","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16363","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16312","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16294","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16254","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16187","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16124","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16142","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16178","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16068","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16066","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66412"},{"reference_url":"https://github.com/angular/angular","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular"},{"reference_url":"https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:12:58Z/"}],"url":"https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418155","reference_id":"2418155","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418155"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66412","reference_id":"CVE-2025-66412","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66412"},{"reference_url":"https://github.com/advisories/GHSA-v4hv-rgfq-gp49","reference_id":"GHSA-v4hv-rgfq-gp49","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v4hv-rgfq-gp49"},{"reference_url":"https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49","reference_id":"GHSA-v4hv-rgfq-gp49","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-02T14:12:58Z/"}],"url":"https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583369?format=json","purl":"pkg:deb/debian/angular.js@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2025-66412","GHSA-v4hv-rgfq-gp49"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mrw-2h7j-zfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16999?format=json","vulnerability_id":"VCID-6map-62jp-tkgu","summary":"angular vulnerable to regular expression denial of service via the $resource service\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54955","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26117"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406325"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406324"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108","reference_id":"2183108","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183108"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117","reference_id":"CVE-2023-26117","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26117"},{"reference_url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx","reference_id":"GHSA-2qqx-w9hr-q5gx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2qqx-w9hr-q5gx"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:38:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2023-26117","GHSA-2qqx-w9hr-q5gx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6map-62jp-tkgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15362?format=json","vulnerability_id":"VCID-8juz-913g-zfdb","summary":"angular vulnerable to super-linear runtime due to backtracking\nThis affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \n\n\n**Note:**\n\nThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-21490.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21490","reference_id":"","reference_type":"","scores":[{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84735","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84512","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84564","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84558","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84533","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84704","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84688","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84691","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84674","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84648","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84633","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84631","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84623","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84596","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84595","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84594","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84574","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-21490"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21490"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21490","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21490"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-12T19:24:29Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos"},{"reference_url":"https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803","reference_id":"1088803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088803"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263754","reference_id":"2263754","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2263754"},{"reference_url":"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2","reference_id":"GHSA-4w4v-5hc9-xrr2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4w4v-5hc9-xrr2"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2024-21490","GHSA-4w4v-5hc9-xrr2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8juz-913g-zfdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13716?format=json","vulnerability_id":"VCID-cfxn-m6af-2kb8","summary":"Improper sanitization of the value of the `[srcset]` attribute in `<source>` HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02376","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02352","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02355","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0236","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02322","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02318","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02344","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.023","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02253","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02276","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02245","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02307","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02236","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02227","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02247","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8373"},{"reference_url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8373"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8373"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241122-0003","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241122-0003"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-09T15:04:03Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2024-8373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805","reference_id":"1088805","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088805"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872","reference_id":"2310872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2310872"},{"reference_url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6","reference_id":"GHSA-mqm9-c95h-x2p6","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mqm9-c95h-x2p6"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2024-8373","GHSA-mqm9-c95h-x2p6"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfxn-m6af-2kb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16998?format=json","vulnerability_id":"VCID-cpwp-gasq-kffz","summary":"angular vulnerable to regular expression denial of service via the <input type=\"url\"> element\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=\"url\"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26118.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118","reference_id":"","reference_type":"","scores":[{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66989","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67033","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67031","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67025","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.66964","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00526","scoring_system":"epss","scoring_elements":"0.67013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69823","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69848","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69835","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69784","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69803","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69943","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69898","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.69867","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26118"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26118"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406328"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406327"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110","reference_id":"2183110","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118","reference_id":"CVE-2023-26118","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26118"},{"reference_url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr","reference_id":"GHSA-qwqh-hm9m-p5hr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qwqh-hm9m-p5hr"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:37:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2023-26118","GHSA-qwqh-hm9m-p5hr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpwp-gasq-kffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33315?format=json","vulnerability_id":"VCID-ex2m-smbh-3kgy","summary":"AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes\nVersions of `angular` prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize `xlink:href` attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled.\n\n\n## Recommendation\n\nUpgrade to version 1.5.0-beta.1 or later.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26592","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26753","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26822","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26869","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26872","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26828","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26771","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2675","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26711","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26655","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26647","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26576","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26443","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26513","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26568","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26497","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26514","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26886","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26926","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26963","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14863"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/35a21532b73d5bd84b4325211c563e6a3e2dde82"},{"reference_url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a"},{"reference_url":"https://github.com/angular/angular.js/pull/12524","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/12524"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14863"},{"reference_url":"https://snyk.io/vuln/npm:angular:20150807","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/npm:angular:20150807"},{"reference_url":"https://www.npmjs.com/advisories/1453","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1453"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763589","reference_id":"1763589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833","reference_id":"942833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942833"},{"reference_url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c","reference_id":"GHSA-r5fx-8r73-v86c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5fx-8r73-v86c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4069","reference_id":"RHSA-2019:4069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4071","reference_id":"RHSA-2019:4071","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4071"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583260?format=json","purl":"pkg:deb/debian/angular.js@1.5.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.5.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2019-14863","GHSA-r5fx-8r73-v86c"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ex2m-smbh-3kgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20690?format=json","vulnerability_id":"VCID-ms76-c5dn-23hx","summary":"Angular has XSS Vulnerability via Unsanitized SVG Script Attributes\nA Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the `href` and `xlink:href` attributes of SVG `<script>` elements as a **Resource URL** context.\n\nIn a standard security model, attributes that can load and execute code (like a script's source) should be strictly validated. However, because the compiler does not classify these specific SVG attributes correctly, it allows attackers to bypass Angular's built-in security protections.\n\nWhen template binding is used to assign user-controlled data to these attributes for example, `<script [attr.href]=\"userInput\">` the compiler treats the value as a standard string or a non-sensitive URL rather than a resource link. This enables an attacker to provide a malicious payload, such as a `data:text/javascript` URI or a link to an external malicious script.\n\n### Impact\nWhen successfully exploited, this vulnerability allows for **arbitrary JavaScript execution** within the context of the victim's browser session. This can lead to:\n- **Session Hijacking:** Stealing session cookies, localStorage data, or authentication tokens.\n- **Data Exfiltration:** Accessing and transmitting sensitive information displayed within the application.\n- **Unauthorized Actions:** Performing state-changing actions (like clicking buttons or submitting forms) on behalf of the authenticated user.\n\n### Attack Preconditions\n\n1. The victim application must explicitly use SVG `<script>` elements within its templates.\n2. The application must use property or attribute binding (interpolation) for the `href` or `xlink:href` attributes of those SVG scripts.\n3. The data bound to these attributes must be derived from an untrusted source (e.g., URL parameters, user-submitted database entries, or unsanitized API responses).\n\n### Patches\n- 19.2.18\n- 20.3.16\n- 21.0.7\n- 21.1.0-rc.0\n\n### Workarounds\nUntil the patch is applied, developers should:\n\n- **Avoid Dynamic Bindings**: Do not use Angular template binding (e.g., `[attr.href]`) for SVG `<script>` elements.\n- **Input Validation**: If dynamic values must be used, strictly validate the input against a strict allowlist of trusted URLs on the server side or before it reaches the template.\n\n### Resources\n\n- https://github.com/angular/angular/pull/66318","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22610.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22610.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22610","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03795","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03763","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03745","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03783","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03737","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03734","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0373","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03603","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03591","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03615","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0364","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03649","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03664","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03701","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03679","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03676","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03666","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05479","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05475","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22610"},{"reference_url":"https://github.com/angular/angular","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular"},{"reference_url":"https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:29:54Z/"}],"url":"https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56"},{"reference_url":"https://github.com/angular/angular/pull/66318","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:29:54Z/"}],"url":"https://github.com/angular/angular/pull/66318"},{"reference_url":"https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T17:29:54Z/"}],"url":"https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22610","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22610"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428424","reference_id":"2428424","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428424"},{"reference_url":"https://github.com/advisories/GHSA-jrmj-c5cx-3cw6","reference_id":"GHSA-jrmj-c5cx-3cw6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jrmj-c5cx-3cw6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583369?format=json","purl":"pkg:deb/debian/angular.js@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2026-22610","GHSA-jrmj-c5cx-3cw6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ms76-c5dn-23hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25428?format=json","vulnerability_id":"VCID-njvf-2y8u-5kfw","summary":"AngularJS improperly sanitizes SVG elements\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects all versions of AngularJS.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0716.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14843","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14677","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14767","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14828","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14787","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14694","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14588","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14594","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14688","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14686","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14501","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14635","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14725","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1472","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14764","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.14798","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-0716"},{"reference_url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0716"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-0716"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:33:33Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-0716"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485","reference_id":"1104485","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104485"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958","reference_id":"2362958","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2362958"},{"reference_url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5","reference_id":"GHSA-j58c-ww9w-pwp5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j58c-ww9w-pwp5"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2025-0716","GHSA-j58c-ww9w-pwp5"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njvf-2y8u-5kfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16988?format=json","vulnerability_id":"VCID-qwfu-v1x6-e3ep","summary":"angular vulnerable to regular expression denial of service via the angular.copy() utility\nAll versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50855","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50824","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50781","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50838","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.50836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.5084","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54893","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54914","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54888","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54955","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54894","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54869","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54908","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54851","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54808","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54862","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54868","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-26116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26116"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321"},{"reference_url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044"},{"reference_url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694","reference_id":"1036694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109","reference_id":"2183109","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2183109"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116","reference_id":"CVE-2023-26116","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26116"},{"reference_url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5","reference_id":"GHSA-2vrf-hf26-jrp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2vrf-hf26-jrp5"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/","reference_id":"OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/","reference_id":"UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:36:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2023-26116","GHSA-2vrf-hf26-jrp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwfu-v1x6-e3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33817?format=json","vulnerability_id":"VCID-rvrc-5q4c-63bh","summary":"Angular vulnerable to Cross-site Scripting\nangular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping `<option>` elements in `<select>` ones changes parsing behavior, leading to possibly unsanitizing code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7676.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7676","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6856","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68504","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68478","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68512","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68476","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68456","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6832","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68343","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68324","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68304","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68451","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68446","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68399","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68408","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.6837","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68403","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68371","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7676"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7676"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd"},{"reference_url":"https://github.com/angular/angular.js/pull/17028","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/17028"},{"reference_url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r198985c02829ba8285ed4f9b1de54a33b5f31b08bb38ac51fc86961b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3f05cfd587c774ea83c18e59eda9fa37fa9bbf3421484d4ee1017a20%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r446c297cd6cda2bd7e345c9b0741d7f611df89902e5d515848c6f4b1%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r455ebd83a1c69ae8fd897560534a079c70a483dbe1e75504f1ca499b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r57383582dcad2305430321589dfaca6793f5174c55da6ce8d06fbf9b%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r79e3feaaf87b81e80da0e17a579015f6dcb94c95551ced398d50c8d7%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1@%3Cozone-commits.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r80f210a5f4833d59c5d3de17dd7312f9daba0765ec7d4052469f13f1%40%3Cozone-commits.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb6423268b25db0f800359986867648e11dbd38e133b9383e85067f02%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rda99599896c3667f2cc9e9d34c7b6ef5d2bbed1f4801e1d75a2b0679%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a@%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfa2b19d01d10a8637dc319a7d5994c3dbdb88c0a8f9a21533403577a%40%3Cozone-issues.hadoop.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7676","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7676"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-570058"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849206","reference_id":"1849206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1849206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5249","reference_id":"RHSA-2020:5249","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5249"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0417","reference_id":"RHSA-2021:0417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0967","reference_id":"RHSA-2021:0967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0968","reference_id":"RHSA-2021:0968","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0968"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0969","reference_id":"RHSA-2021:0969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586325?format=json","purl":"pkg:deb/debian/angular.js@1.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2020-7676","GHSA-mhp6-pxh8-r675"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rvrc-5q4c-63bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30198?format=json","vulnerability_id":"VCID-s1yh-7m2a-y3g3","summary":"AngularJS Incomplete Filtering of Special Elements vulnerability\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of  Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects AngularJS versions greater than or equal to 1.3.1.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see  here https://docs.angularjs.org/misc/version-support-status .","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41696","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4162","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41595","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41686","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4167","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41601","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41827","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45786","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45833","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336"},{"reference_url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519","reference_id":"1107519","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519"},{"reference_url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx","reference_id":"GHSA-4p4w-6hg8-63wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2025-2336","GHSA-4p4w-6hg8-63wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1yh-7m2a-y3g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14293?format=json","vulnerability_id":"VCID-tgyd-qy7s-kkew","summary":"angular vulnerable to regular expression denial of service (ReDoS)\nAngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value.\n\n**Note:**\n1. This package has been deprecated and is no longer maintained.\n2. The vulnerable versions are 1.7.0 and higher.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25844","reference_id":"","reference_type":"","scores":[{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83311","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83403","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83402","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83401","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83365","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.8337","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83376","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83351","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83327","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83554","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83519","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83503","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83501","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83482","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.8346","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83435","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83433","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01924","scoring_system":"epss","scoring_elements":"0.83426","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25844"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WUSPYOTOMAZPDEFPWPSCSPMNODRDKK3"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LNAKCNTVBIHWAUT3FKWV5N67PQXSZOO"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0009","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0009"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2772736"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-2772738"},{"reference_url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2772737"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735"},{"reference_url":"https://stackblitz.com/edit/angularjs-material-blank-zvtdvb","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://stackblitz.com/edit/angularjs-material-blank-zvtdvb"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779","reference_id":"1014779","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014779"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080945","reference_id":"2080945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25844","reference_id":"CVE-2022-25844","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25844"},{"reference_url":"https://github.com/advisories/GHSA-m2h2-264f-f486","reference_id":"GHSA-m2h2-264f-f486","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2h2-264f-f486"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583366?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1~deb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1~deb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583367?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2022-25844","GHSA-m2h2-264f-f486"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyd-qy7s-kkew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23567?format=json","vulnerability_id":"VCID-x8wa-kpm3-abh9","summary":"Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client\nThe vulnerability is a **Credential Leak by App Logic** that leads to the **unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token** to an attacker-controlled domain.\n\nAngular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (`http://` or `https://`) to determine if it is cross-origin. If the URL starts with protocol-relative URL (`//`), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the `X-XSRF-TOKEN` header.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66035.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66035","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22869","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.22979","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23705","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26877","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27033","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2707","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2693","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2698","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26935","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26887","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26858","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26819","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28267","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28231","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28304","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28211","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00106","scoring_system":"epss","scoring_elements":"0.28291","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66035"},{"reference_url":"https://github.com/angular/angular","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular"},{"reference_url":"https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f"},{"reference_url":"https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc"},{"reference_url":"https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e"},{"reference_url":"https://github.com/angular/angular/releases/tag/19.2.16","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/releases/tag/19.2.16"},{"reference_url":"https://github.com/angular/angular/releases/tag/20.3.14","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/releases/tag/20.3.14"},{"reference_url":"https://github.com/angular/angular/releases/tag/21.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/releases/tag/21.0.1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417389","reference_id":"2417389","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66035","reference_id":"CVE-2025-66035","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66035"},{"reference_url":"https://github.com/advisories/GHSA-58c5-g7wp-6w37","reference_id":"GHSA-58c5-g7wp-6w37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-58c5-g7wp-6w37"},{"reference_url":"https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37","reference_id":"GHSA-58c5-g7wp-6w37","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-28T18:28:53Z/"}],"url":"https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583369?format=json","purl":"pkg:deb/debian/angular.js@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2025-66035","GHSA-58c5-g7wp-6w37"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8wa-kpm3-abh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51141?format=json","vulnerability_id":"VCID-xd5a-s1n3-bkhg","summary":"angular Prototype Pollution vulnerability\nVersions of `angular ` prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function `merge()` does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.\n\n## Recommendation\n\nUpgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768","reference_id":"","reference_type":"","scores":[{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55863","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55842","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55854","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.5582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55797","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00328","scoring_system":"epss","scoring_elements":"0.55686","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61552","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61454","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61449","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61401","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61509","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61471","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61499","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62146","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62143","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10768"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3"},{"reference_url":"https://github.com/angular/angular.js/pull/16913","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js/pull/16913"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10768"},{"reference_url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/SNYK-JS-ANGULAR-534884"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813309","reference_id":"1813309","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1813309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249","reference_id":"945249","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:angularjs:angularjs:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-89mq-4x47-5v83","reference_id":"GHSA-89mq-4x47-5v83","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-89mq-4x47-5v83"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5568","reference_id":"RHSA-2020:5568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0417","reference_id":"RHSA-2021:0417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8849","reference_id":"RHSA-2022:8849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8866","reference_id":"RHSA-2022:8866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0274","reference_id":"RHSA-2023:0274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0274"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585760?format=json","purl":"pkg:deb/debian/angular.js@1.7.9-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.7.9-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583261?format=json","purl":"pkg:deb/debian/angular.js@1.8.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583262?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/583263?format=json","purl":"pkg:deb/debian/angular.js@1.8.3-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.3-3%3Fdistro=trixie"}],"aliases":["CVE-2019-10768","GHSA-89mq-4x47-5v83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5a-s1n3-bkhg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/angular.js@1.8.2-2%3Fdistro=trixie"}