{"url":"http://public2.vulnerablecode.io/api/packages/771815?format=json","purl":"pkg:npm/angular-sanitize@1.6.1","type":"npm","namespace":"","name":"angular-sanitize","version":"1.6.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30198?format=json","vulnerability_id":"VCID-s1yh-7m2a-y3g3","summary":"AngularJS Incomplete Filtering of Special Elements vulnerability\nImproper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing) and also negatively affect the application's performance and behavior by using too large or slow-to-load images.\n\nThis issue affects AngularJS versions greater than or equal to 1.3.1.\n\nNote:\nThe AngularJS project is End-of-Life and will not receive any updates to address this issue.
For more information see here (https://docs.angularjs.org/misc/version-support-status).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41827","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41601","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41739","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4182","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.41961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00198","scoring_system":"epss","scoring_elements":"0.4189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45783","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45789","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45732","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45833","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45786","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2336"},{"reference_url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system
":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-2336"},{"reference_url":"https://github.com/angular/angular.js","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/angular/angular.js"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scor
ing_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-04T18:14:00Z/"}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336"},{"reference_url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.herodevs.com/vulnerability-directory/cve-2025-2336?angularjs-nes"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519","reference_id":"1107519","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107519"},{"reference_url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx","reference_id":"GHSA-4p4w-6hg8-63wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4p4w-6hg8-63wx"},{"reference_url":"https://usn.ubuntu.com/7958-1/","reference_id":"USN-7958-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7958-1/"}],"fixed_packages":[],"aliases":["CVE-2025-2336","GHSA-4p4w-6hg8-63wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s1yh-7m2a-y3g3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/angular-sanitize@1.6.1"}