1352 matches found
CVE-2024-50577
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings...
CVE-2023-26270
IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager (GCKM) 1.10.3 could allow a remote attacker to execute arbitrary code on the system, caused by an Angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute...
CVE-2023-34840
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability...
CVE-2021-21277
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.compile(userControlledInput)" where "userControlledInput" is tex...
CVE-2019-17127
A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...
CVE-2019-17125
A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...
CVE-2015-10035
A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to SQL injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is...
MAL-2025-3981 Malicious code in angular-monash (npm)
Source: ghsa-malware 7281e9d55aa990f9d2ed6d6f8acc5d290a25f3d17fe641c841a5976b519e4844. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3747 Malicious code in @myop/angular-remote (npm)
Source: ghsa-malware 4c529845135f67681059adf0cf2c0ef30da66673da293016d5c193e8162f8070. Withdrawn Advisory: This advisory has been withdrawn because @myop/angular-remote is not malware. This link is maintained to preserve external references...
org.webjars.bower:angular-trix (=1.0.2), org.webjars.bower:github-com-sachinchoolur-angular-trix (=1.0.2) potentially affected by CVE-2025-46812 via org.webjars.bower:trix (=0.9.9)
org.webjars.bower:trix MAVEN version =0.9.9 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bower:trix and may be impacted: - org.webjars.bower:angular-trix =1.0.2 - org.webjars.bower:github-com-sachinchoolur-angular-trix =1.0.2 Source cves...
@angular-devkit/build-angular (>=20.0.0-next.7 <=20.0.0-next.8), @angular/build (>=20.0.0-next.7 <=20.0.0-next.8) +31 more potentially affected by CVE-2025-46565 via vite (>=6.3.0 <=6.3.3)
vite NPM version =6.3.0, =20.0.0-next.7, =20.0.0-next.7, =1.92.0, =0.0.10, =1.0.101, =0.0.1, =2.15.20, =0.2.0, =0.2.5 - @nebula-db/orm =0.2.3 - @nebula-db/plugin-cache =0.2.3 and more Source cves: CVE-2025-46565 Source advisory: OSV:GHSA-859W-5945-R5V3...
Incomplete Filtering of Special Elements
Overview org.webjars.npm:angular is a WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in SVG elements. An attacker can bypass image source restrictions and negativel...
com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +699 more potentially affected by CVE-2025-0716 via org.webjars.bower:angular (>=1.0.7 <=1.8.3)
org.webjars.bower:angular MAVEN version =1.0.7, =0.1.5, =1.1.0, =0.4.4, =0.4.4, =0.3.5, =0.4.1, =0.4.4, =0.3.5, =0.4.4, =0.5.1 and more Source cves: CVE-2025-0716 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-9919774...
Incomplete Filtering of Special Elements
Overview org.webjars.bowergithub.angular:angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly...
Incomplete Filtering of Special Elements
Overview org.webjars.bower:angular is a bower WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements due to improper sanitization of the href and xlink:href attributes in SVG elements. An attacker can bypass image source restrictions and...
net.aequologica.neo:dagr-vebchar (=0.5.2-alpha), net.aequologica.neo:dagr-web (=0.5.2-alpha) +108 more potentially affected by CVE-2025-0716 via org.webjars.npm:angular (>=1.2.32 <=1.8.3)
org.webjars.npm:angular MAVEN version =1.2.32, =0.5.2, =0.5.2, =5.2.0-RC1, =5.2.0, =5.2.0, =5.2.0, =5.2.0, =0.4.0, =1.1.3 and more Source cves: CVE-2025-0716 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9919775...
10.30.npm-learning (>=1.0.0 <=1.1.0), 2017_node (=1.0.0) +3309 more potentially affected by CVE-2025-0716 via angular (>=0.0.1 <=1.8.3)
angular NPM version =0.0.1, =1.0.0, =4.13.7-rc4, =1.103.1, =1.103.1, =1.102.4, =1.102.3, =1.102.3, =1.4.156, =1.0.3, =1.0.0, =1.0.0, =0.5.0, =0.5.2 and more Source cves: CVE-2025-0716 Source advisory: OSV:GHSA-J58C-WW9W-PWP5...
K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118
Security Advisory Description: CVE-2023-26117: Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...
Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE) | Date: 10 October 2024 | Discovered by: Ravindu Wickramasinghe | rvz @rvizx9 | Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 | Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload...