Search for packages
| purl | pkg:npm/angular@1.6.6 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5zzk-7d69-s7hn
Aliases: CVE-2023-26118 GHSA-qwqh-hm9m-p5hr |
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
|
VCID-67hr-2fv8-ykcj
Aliases: CVE-2019-10768 GHSA-89mq-4x47-5v83 |
angular Prototype Pollution vulnerability |
Affected by 11 other vulnerabilities. |
|
VCID-758x-qqp7-2qah
Aliases: CVE-2024-21490 GHSA-4w4v-5hc9-xrr2 |
There are no reported fixed by versions. | |
|
VCID-8nch-3tex-67dc
Aliases: CVE-2020-7676 GHSA-mhp6-pxh8-r675 |
Angular vulnerable to Cross-site Scripting |
Affected by 9 other vulnerabilities. |
|
VCID-cy2q-mtff-5kg4
Aliases: CVE-2024-8373 GHSA-mqm9-c95h-x2p6 |
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-erfv-zy2t-hfhz
Aliases: CVE-2024-8372 GHSA-m9gf-397r-hwpg |
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-g6uy-ey69-93b8
Aliases: CVE-2022-25869 GHSA-prc3-vjfx-vhm9 |
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | There are no reported fixed by versions. |
|
VCID-gn5u-gf3m-f3c1
Aliases: CVE-2023-26116 GHSA-2vrf-hf26-jrp5 |
There are no reported fixed by versions. | |
|
VCID-n4ww-dxd4-2udn
Aliases: GMS-2018-9 |
Cross Site Scripting On Firefox there is a XSS vulnerability if a malicious attacker can write into the `xml:base` attribute on an SVG anchor. |
Affected by 11 other vulnerabilities. |
|
VCID-npfb-rzhh-d7eg
Aliases: GHSA-5cp4-xmrw-59wf GMS-2020-703 |
XSS via JQLite DOM manipulation functions in AngularJS |
Affected by 9 other vulnerabilities. |
|
VCID-p225-18fx-d7gr
Aliases: CVE-2025-0716 GHSA-j58c-ww9w-pwp5 |
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | There are no reported fixed by versions. |
|
VCID-sjvs-aer9-h3fx
Aliases: CVE-2023-26117 GHSA-2qqx-w9hr-q5gx |
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||