Search for packages
| purl | pkg:npm/angular@1.6.3 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-55sp-gp98-23gr
Aliases: GMS-2017-134 |
XSS in $sanitize in Safari/Firefox Both Firefox and Safari are vulnerable to XSS if we use an inert document created via `document.implementation.createHTMLDocument()`. |
Affected by 11 other vulnerabilities. |
|
VCID-5zzk-7d69-s7hn
Aliases: CVE-2023-26118 GHSA-qwqh-hm9m-p5hr |
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
|
VCID-67hr-2fv8-ykcj
Aliases: CVE-2019-10768 GHSA-89mq-4x47-5v83 |
angular Prototype Pollution vulnerability |
Affected by 10 other vulnerabilities. |
|
VCID-758x-qqp7-2qah
Aliases: CVE-2024-21490 GHSA-4w4v-5hc9-xrr2 |
There are no reported fixed by versions. | |
|
VCID-8nch-3tex-67dc
Aliases: CVE-2020-7676 GHSA-mhp6-pxh8-r675 |
Angular vulnerable to Cross-site Scripting |
Affected by 9 other vulnerabilities. |
|
VCID-cy2q-mtff-5kg4
Aliases: CVE-2024-8373 GHSA-mqm9-c95h-x2p6 |
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-erfv-zy2t-hfhz
Aliases: CVE-2024-8372 GHSA-m9gf-397r-hwpg |
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-g6uy-ey69-93b8
Aliases: CVE-2022-25869 GHSA-prc3-vjfx-vhm9 |
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | There are no reported fixed by versions. |
|
VCID-gn5u-gf3m-f3c1
Aliases: CVE-2023-26116 GHSA-2vrf-hf26-jrp5 |
There are no reported fixed by versions. | |
|
VCID-n4ww-dxd4-2udn
Aliases: GMS-2018-9 |
Cross Site Scripting On Firefox there is a XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor. |
Affected by 10 other vulnerabilities. |
|
VCID-p225-18fx-d7gr
Aliases: CVE-2025-0716 GHSA-j58c-ww9w-pwp5 |
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-sjvs-aer9-h3fx
Aliases: CVE-2023-26117 GHSA-2qqx-w9hr-q5gx |
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-knpg-smez-63bc | Bypass CSP protection , AngularJS allows bootstrapping of invalid/bad svg and currentScript if it was clobbered. |
GMS-2017-110
|
| VCID-p1jd-7g5e-cba6 | Denial of service in $sanitize Running $sanitize on bad HTML can freeze the browser. The problem occurs with clobbered data; typically the "nextSibling" property on an element is changed to one of it's child node, this makes it impossible to walk the HTML tree and leads to an infinite loop which freezes the browser. |
GMS-2017-115
|