Approved changes feed: RSS · Atom

cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAngularjs (ce9cdb3e-306c-502b-94b8-440cef51b57f)
ProductAngular.Js (23858d2d-c389-5d53-ab6b-a2f7d7365c37)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/angular.js purl2cpe 2026-06-01 10:12:48.095503
pkg:deb/ubuntu/angular.js purl2cpe 2026-06-01 10:12:48.095505
pkg:github/angular/angular.js purl2cpe 2026-06-01 10:12:48.095507
pkg:nuget/AngularJS.Core purl2cpe 2026-06-01 10:12:48.095508
pkg:sourceforge/angularjs purl2cpe 2026-06-01 10:12:48.095510

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8373 vulnerable 2026-06-08 07:00:24.413459 AngularJS improper sanitization in '<source>' element
MEDIUM (4.8)
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Published: 2024-09-09T14:48:41.513Z
Updated: 2025-11-03T19:34:59.571Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8372 vulnerable 2026-06-08 07:00:24.396149 AngularJS improper sanitization in 'srcset' attribute
MEDIUM (4.8)
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Published: 2024-09-09T14:46:03.134Z
Updated: 2025-11-03T19:34:58.181Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21490 vulnerable 2026-06-08 06:27:35.421052 Details available
HIGH (7.5)
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
Published: 2024-02-10T05:00:01.641Z
Updated: 2026-06-29T15:25:13.654Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-7676 vulnerable 2026-06-08 05:27:13.941365 Details available
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Published: 2020-06-08T13:34:09.000Z
Updated: 2024-08-04T09:41:01.655Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14863 vulnerable 2026-06-08 05:12:56.298760 Details available
HIGH (7.1)
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Published: 2020-01-02T14:20:50.000Z
Updated: 2024-08-05T00:26:39.196Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-10768 vulnerable 2026-06-08 05:12:25.258961 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.