VYPR

Angular.js

by Angular

Source repositories

CVEs (6)

  • CVE-2019-10768HigNov 19, 2019
    risk 0.42cvss 7.5epss 0.02

    In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

  • CVE-2023-26118MedMar 30, 2023
    risk 0.35cvss 5.3epss 0.02

    Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large…

  • CVE-2023-26117MedMar 30, 2023
    risk 0.35cvss 5.3epss 0.02

    Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result…

  • CVE-2023-26116MedMar 30, 2023
    risk 0.35cvss 5.3epss 0.02

    Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input,…

  • CVE-2025-2336MedJun 4, 2025
    risk 0.31cvss 4.8epss 0.00

    Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing…

  • CVE-2025-0716MedApr 29, 2025
    risk 0.31cvss 4.8epss 0.00

    Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing…