| purl | pkg:npm/angular@1.0.0 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3xrn-c2s9-puc4 Aliases: GMS-2017-115 | Denial of service in $sanitize. Running $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the "nextSibling" property on an element is changed to one of its child nodes, which makes it impossible to walk the HTML tree and leads to an infinite loop that freezes the browser. | Affected by 13 other vulnerabilities. |
| VCID-7bqm-uvf4-3yad Aliases: GMS-2017-134 | XSS in $sanitize in Safari/Firefox. Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`. | Affected by 12 other vulnerabilities. |
| VCID-979e-m5qt-3yfg Aliases: CVE-2022-25869, GHSA-prc3-vjfx-vhm9 | | There are no reported fixed by versions. |
| VCID-ejk7-8rjm-1fdt Aliases: CVE-2023-26118, GHSA-qwqh-hm9m-p5hr | angular vulnerable to regular expression denial of service via the `<input type="url">` element. All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the `<input type="url">` element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
| VCID-h1qm-xwva-2uf3 Aliases: CVE-2019-14863, GHSA-r5fx-8r73-v86c | | Affected by 0 other vulnerabilities. Affected by 17 other vulnerabilities. |
| VCID-jmwe-jac4-5uaw Aliases: GMS-2016-48 | Code Injection. The attribute usemap can be used as a security exploit. | Affected by 16 other vulnerabilities. Affected by 17 other vulnerabilities. |
| VCID-ka1v-nfwd-hqg5 Aliases: CVE-2023-26116, GHSA-2vrf-hf26-jrp5 | angular vulnerable to regular expression denial of service via the angular.copy() utility. All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
| VCID-m38g-9d2k-s3f5 Aliases: CVE-2023-26117, GHSA-2qqx-w9hr-q5gx | angular vulnerable to regular expression denial of service via the $resource service. All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
| VCID-peaz-9yn5-jqc5 Aliases: CVE-2024-8373, GHSA-mqm9-c95h-x2p6 | | There are no reported fixed by versions. |
| VCID-rh6g-8fvj-aqhv Aliases: CVE-2025-0716, GHSA-j58c-ww9w-pwp5 | | There are no reported fixed by versions. |
| VCID-rr1g-zum4-tudn Aliases: CVE-2020-7676, GHSA-mhp6-pxh8-r675 | | Affected by 9 other vulnerabilities. |
| VCID-uax8-wmy5-93hz Aliases: GMS-2017-110 | Bypass CSP protection. AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered. | Affected by 13 other vulnerabilities. |
| VCID-udyf-r4mh-x7cu Aliases: GMS-2018-9 | Cross Site Scripting. On Firefox there is an XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor. | Affected by 11 other vulnerabilities. |
| VCID-vxcp-eaa7-nyab Aliases: GHSA-28hp-fgcr-2r4h, GMS-2019-114 | Cross-Site Scripting via JSONP. JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors. | Affected by 15 other vulnerabilities. |
| VCID-xqkp-4es6-4kam Aliases: GMS-2016-73 | Bypass CSP protection. Extension URIs (`resource://...`) bypass `Content-Security-Policy` in Chrome and Firefox and can always be loaded. If a site already has an XSS bug and uses CSP to protect itself, but the user has an extension installed that uses Angular, an attacker can load Angular from the extension, and Angular's auto-bootstrapping can be used to bypass the victim site's CSP protection. | Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 15 other vulnerabilities. |
| VCID-z2pj-4dxf-3qag Aliases: CVE-2019-10768, GHSA-89mq-4x47-5v83 | | Affected by 11 other vulnerabilities. |
| VCID-z3y6-h1rr-mqd4 Aliases: GHSA-5cp4-xmrw-59wf, GMS-2020-703 | XSS via JQLite DOM manipulation functions in AngularJS | Affected by 9 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |