Regular Expression Denial of Service (ReDoS)

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

JHipster SQL Injection Vulnerability

JHipster is an open source application builder that develops web applications and microservices primarily using Angular or React and Spring Framework.JHipster suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, whic...

@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)

accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...

@ckeditor/ckeditor5-dev-lint (>=1.0.0 <=2.0.3), @code_monk/hak-cli (>=1.0.6 <=1.0.9) +364 more potentially affected by CVE-2020-7751 via pathval (>=0.0.1 <=1.1.0)

pathval NPM version =0.0.1, =1.0.0, =1.0.6, =1.0.4, =2.0.3, =1.0.8, =1.0.3, =1.0.7, =2.0.3, =3.1.2, =1.0.3, =0.0.1, =0.1.0, =0.2.0 - @nwetzel/modern-web-dev-build =0.6.0 and more Source cves: CVE-2020-7751 Source advisory: OSV:GHSA-G6WW-V8XP-VMWG...

@superdev-official/buffet-angular (=1.0.11), apps-b-builder (>=0.1.0 <=0.4.3) +9 more potentially affected by CVE-2022-25760 via accesslog (=0.0.2)

accesslog NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on accesslog and may be impacted: - @superdev-official/buffet-angular =1.0.11 - apps-b-builder =0.1.0, =0.6.0, =3.1.0, =0.1.0, =2.0.0, =0.4.0, =0.1.0, =0.4.1, =0.5.0 Source cves:...

@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @hpcc-js/handson (>=0.0.1 <=0.0.44) +53 more potentially affected by CVE-2021-23446 via handsontable (>=0.25.1 <=0.38.1)

handsontable NPM version =0.25.1, =1.0.1, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.11, =1.1.12 and more Source cves: CVE-2021-23446 Source advisory: OSV:GHSA-HF66-R44G-P7J9...

@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @hpcc-js/handson (>=0.0.1 <=0.0.44) +53 more potentially affected by CVE-2021-23446 via handsontable (>=0.25.1 <=0.38.1)

handsontable NPM version =0.25.1, =1.0.1, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.0.0-beta1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.11, =1.1.12 and more Source cves: CVE-2021-23446 Source advisory: SNYK:JS-HANDSONTABLE-1726770...

40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +724 more potentially affected by CVE-2025-11149 via node-static (>=0.5.6 <=0.7.11)

node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2025-11149 Source advisory: OSV:GHSA-8R4G-CG4M-X23C...

@angular/cli (=9.1.0-next.3), @schematics/update (=0.901.0-next.3) +1 more potentially affected by unknown CVE via @npmcli/git (=1.0.1)

@npmcli/git NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @npmcli/git and may be impacted: - @angular/cli =9.1.0-next.3 - @schematics/update =0.901.0-next.3 - pacote =11.1.1 Source cves: unknown CVE Source advisory:...

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

nodejs-angular: XSS due to regex-based HTML replacement

A XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.6 security update

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security update for libmysofa (moderate)

openSUSE Security Update: Security update for libmysofa Announcement ID: openSUSE-SU-2021:0459-1 Rating: moderate References: 1149919 1149920 1149922 1149924 1149926 1159839 1160040 1181977 1181978 1181979 1181980 1181981 1182883 Cross-References: CVE-2019-16091 CVE-2019-16092 CVE-2019-16093...

OPENSUSE-SU-2021:0459-1 Security update for libmysofa

This update for libmysofa fixes the following issues: - Added security backports: ghhoene/libmysofa136 - CVE-2020-36152 - boo1181977 ghhoene/libmysofa138 - CVE-2020-36148 - boo1181981 ghhoene/libmysofa137 - CVE-2020-36149 - boo1181980 ghhoene/libmysofa134 - CVE-2020-36151 - boo1181978...

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

Cross-Site Scripting (XSS)

Overview Affected versions of angular are vulnerable to JSONP Callback Attack. JSONP JSON with padding is a method used to request data from a server residing in a different domain than the client. Any url could perform JSONP requests, allowing full access to the browser and the JavaScript contex...

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

Remote Code Execution

Overview Affected versions of angular-expressions are affected by a remote code execution vulnerability. Impact If you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input you are potentially impacted. The security of the package could be bypass...