Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/angular@1.8.0
purl pkg:npm/angular@1.8.0
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-4v93-h3e4-8ydq
Aliases:
CVE-2022-25844
GHSA-m2h2-264f-f486
The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. There are no reported fixed by versions.
VCID-5zzk-7d69-s7hn
Aliases:
CVE-2023-26118
GHSA-qwqh-hm9m-p5hr
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. There are no reported fixed by versions.
VCID-758x-qqp7-2qah
Aliases:
CVE-2024-21490
GHSA-4w4v-5hc9-xrr2
There are no reported fixed by versions.
VCID-cy2q-mtff-5kg4
Aliases:
CVE-2024-8373
GHSA-mqm9-c95h-x2p6
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . There are no reported fixed by versions.
VCID-erfv-zy2t-hfhz
Aliases:
CVE-2024-8372
GHSA-m9gf-397r-hwpg
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . There are no reported fixed by versions.
VCID-g6uy-ey69-93b8
Aliases:
CVE-2022-25869
GHSA-prc3-vjfx-vhm9
All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. There are no reported fixed by versions.
VCID-gn5u-gf3m-f3c1
Aliases:
CVE-2023-26116
GHSA-2vrf-hf26-jrp5
There are no reported fixed by versions.
VCID-p225-18fx-d7gr
Aliases:
CVE-2025-0716
GHSA-j58c-ww9w-pwp5
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing  and also negatively affect the application's performance and behavior by using too large or slow-to-load images. This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . There are no reported fixed by versions.
VCID-sjvs-aer9-h3fx
Aliases:
CVE-2023-26117
GHSA-2qqx-w9hr-q5gx
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. There are no reported fixed by versions.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-8nch-3tex-67dc Angular vulnerable to Cross-site Scripting CVE-2020-7676
GHSA-mhp6-pxh8-r675
VCID-npfb-rzhh-d7eg XSS via JQLite DOM manipulation functions in AngularJS GHSA-5cp4-xmrw-59wf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T20:00:32.890300+00:00 GitLab Importer Affected by VCID-p225-18fx-d7gr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2025-0716.yml 38.6.0
2026-06-12T19:39:06.197807+00:00 GitLab Importer Affected by VCID-cy2q-mtff-5kg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2024-8373.yml 38.6.0
2026-06-12T19:39:05.351104+00:00 GitLab Importer Affected by VCID-erfv-zy2t-hfhz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2024-8372.yml 38.6.0
2026-06-12T19:19:19.777043+00:00 GitLab Importer Affected by VCID-758x-qqp7-2qah https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2024-21490.yml 38.6.0
2026-06-12T18:51:04.040226+00:00 GitLab Importer Affected by VCID-sjvs-aer9-h3fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2023-26117.yml 38.6.0
2026-06-12T18:51:03.327439+00:00 GitLab Importer Affected by VCID-5zzk-7d69-s7hn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2023-26118.yml 38.6.0
2026-06-12T18:50:54.771033+00:00 GitLab Importer Affected by VCID-gn5u-gf3m-f3c1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2023-26116.yml 38.6.0
2026-06-12T18:28:14.487188+00:00 GitLab Importer Affected by VCID-g6uy-ey69-93b8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2022-25869.yml 38.6.0
2026-06-12T18:06:37.033474+00:00 GitLab Importer Affected by VCID-4v93-h3e4-8ydq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2022-25844.yml 38.6.0
2026-06-12T17:21:56.902357+00:00 GitLab Importer Fixing VCID-8nch-3tex-67dc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/angular/CVE-2020-7676.yml 38.6.0
2026-06-12T08:02:31.100341+00:00 GithubOSV Importer Fixing VCID-8nch-3tex-67dc https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-mhp6-pxh8-r675/GHSA-mhp6-pxh8-r675.json 38.6.0
2026-06-12T08:01:55.828989+00:00 GithubOSV Importer Fixing VCID-npfb-rzhh-d7eg https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-5cp4-xmrw-59wf/GHSA-5cp4-xmrw-59wf.json 38.6.0
2026-06-11T20:26:24.402740+00:00 GHSA Importer Fixing VCID-npfb-rzhh-d7eg https://github.com/advisories/GHSA-5cp4-xmrw-59wf 38.6.0
2026-06-11T20:26:17.674361+00:00 GHSA Importer Fixing VCID-8nch-3tex-67dc https://github.com/advisories/GHSA-mhp6-pxh8-r675 38.6.0