Angular.Js
Approved changes feed: RSS · Atom
cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Angularjs (ce9cdb3e-306c-502b-94b8-440cef51b57f) |
|---|---|
| Product | Angular.Js (23858d2d-c389-5d53-ab6b-a2f7d7365c37) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/angular.js |
purl2cpe | 2026-06-01 10:12:48.095503 |
pkg:deb/ubuntu/angular.js |
purl2cpe | 2026-06-01 10:12:48.095505 |
pkg:github/angular/angular.js |
purl2cpe | 2026-06-01 10:12:48.095507 |
pkg:nuget/AngularJS.Core |
purl2cpe | 2026-06-01 10:12:48.095508 |
pkg:sourceforge/angularjs |
purl2cpe | 2026-06-01 10:12:48.095510 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8373 |
vulnerable | 2026-06-08 07:00:24.413459 |
AngularJS improper sanitization in '<source>' element
MEDIUM (4.8)
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects all versions of AngularJS.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Published: 2024-09-09T14:48:41.513Z
Updated: 2025-11-03T19:34:59.571Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-8372 |
vulnerable | 2026-06-08 07:00:24.396149 |
AngularJS improper sanitization in 'srcset' attribute
MEDIUM (4.8)
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing .
This issue affects AngularJS versions 1.3.0-rc.4 and greater.
Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
Published: 2024-09-09T14:46:03.134Z
Updated: 2025-11-03T19:34:58.181Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-21490 |
vulnerable | 2026-06-08 06:27:35.421052 |
Details available
HIGH (7.5)
This affects versions of the package angular from 1.3.0; versions of the package angularjs from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.
**Note:**
This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).
Published: 2024-02-10T05:00:01.641Z
Updated: 2026-06-29T15:25:13.654Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-7676 |
vulnerable | 2026-06-08 05:27:13.941365 |
Details available
angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
Published: 2020-06-08T13:34:09.000Z
Updated: 2024-08-04T09:41:01.655Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-14863 |
vulnerable | 2026-06-08 05:12:56.298760 |
Details available
HIGH (7.1)
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Published: 2020-01-02T14:20:50.000Z
Updated: 2024-08-05T00:26:39.196Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10768 |
vulnerable | 2026-06-08 05:12:25.258961 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.