OsVault/npm/angular

npm2 critical

angular

91 known vulnerabilities · 2 critical · 5 high

CVE-2023-26118MEDIUM

angular vulnerable to regular expression denial of service via the <input type="url"> element

Published Mar 30, 2023

CVE-2024-21490HIGH

angular vulnerable to super-linear runtime due to backtracking

Published Feb 10, 2024

CVE-2022-25844MEDIUM

angular vulnerable to regular expression denial of service (ReDoS)

Published May 3, 2022

CVE-2019-10768HIGH

angular Prototype Pollution vulnerability

Published Nov 20, 2019

CVE-2024-8372

AngularJS allows attackers to bypass common image source restrictions

Published Sep 9, 2024

CVE-2020-7676MEDIUM

Angular vulnerable to Cross-site Scripting

Published Jun 18, 2020

CVE-2023-26116MEDIUM

angular vulnerable to regular expression denial of service via the angular.copy() utility

Published Mar 30, 2023

CVE-2022-25869MEDIUM

Angular (deprecated package) Cross-site Scripting

Published Jul 16, 2022

CVE-2024-8373

AngularJS allows attackers to bypass common image source restrictions

Published Sep 9, 2024

CVE-2023-26117MEDIUM

angular vulnerable to regular expression denial of service via the $resource service

Published Mar 30, 2023

CVE-2018-11537MEDIUM

Auth0 angular-jwt misinterprets allowlist as regex

Published May 14, 2022

CVE-2026-27970

Angular i18n vulnerable to Cross-Site Scripting

Published Feb 27, 2026

CVE-2018-13339MEDIUM

Angular Redactor XSS Vulnerability

Published May 14, 2022

GHSA-45q2-gjvg-7973

Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server

Published Apr 16, 2026

CVE-2018-3713MEDIUM

Path Traversal in angular-http-server

Published Jul 26, 2018

MAL-2022-1002

Malicious code in angular-a11y-workshop (npm)

Published Jun 20, 2022

MAL-2022-1006

Malicious code in angular-dev-test (npm)

Published Jun 20, 2022

MAL-2022-1161

Malicious code in atomic-angular (npm)

Published Jun 20, 2022

MAL-2022-1009

Malicious code in angular-rs-loading (npm)

Published Jun 20, 2022

MAL-2025-2091

Malicious code in angular-identity-component (npm)

Published Mar 4, 2025

MAL-2022-283

Malicious code in @gco-angular/apollo (npm)

Published Jun 20, 2022

CVE-2021-32854MEDIUM

textAngular Cross-site Scripting vulnerability

Published Feb 21, 2023

MAL-2022-6742

Malicious code in ugentec-framework-angular (npm)

Published Jul 12, 2022

MAL-2022-1003

Malicious code in angular-adaptive-detection (npm)

Published Jun 20, 2022

MAL-2022-5338

Malicious code in pingone-angular-registration (npm)

Published Jun 20, 2022

MAL-2023-7908

Malicious code in payuangular (npm)

Published Aug 25, 2023

MAL-2025-190713

Malicious code in @aryanhussain/my-angular-lib (npm)

Published Nov 24, 2025

CVE-2021-4231LOW

Angular vulnerable to Cross-site Scripting

Published May 27, 2022

MAL-2024-8962

Malicious code in visa-ui-angular (npm)

Published Sep 25, 2024

CVE-2023-34840MEDIUM

angular-ui-notification Cross-site Scripting vulnerability

Published Jun 30, 2023

CVE-2020-5219HIGH

Remote Code Execution in Angular Expressions

Published Jan 24, 2020

MAL-2022-1004

Malicious code in angular-cloudinary-photo (npm)

Published Jun 20, 2022

MAL-2025-190973

Malicious code in itobuz-angular-button (npm)

Published Nov 24, 2025

CVE-2026-32635

Angular vulnerable to XSS in i18n attribute bindings

Published Mar 13, 2026

CVE-2016-10524HIGH

Denial of Service and Content Injection in i18n-node-angular

Published Feb 18, 2019

MAL-2025-191952

Malicious code in angular-trackjs (npm)

Published Dec 3, 2025

MAL-2022-1937

Malicious code in cloudinary-sample-angular (npm)

Published Jun 20, 2022

CVE-2026-22610

Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

Published Jan 9, 2026

MAL-2025-191505

Malicious code in angular-promql (npm)

Published Dec 1, 2025

CVE-2023-28444CRITICAL

angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend

Published Mar 24, 2023

CVE-2025-66412

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Published Dec 2, 2025

CVE-2024-42640CRITICAL

angular-base64-upload vulnerable to unauthenticated remote code execution

Published Oct 11, 2024

MAL-2025-2238

Malicious code in angularonlineauthclient (npm)

Published Mar 11, 2025

MAL-2024-10233

Malicious code in dexter-angular-app (npm)

Published Oct 24, 2024

MAL-2022-1008

Malicious code in angular-link-diver (npm)

Published Jun 20, 2022

CVE-2026-27739

Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline

Published Feb 25, 2026

MAL-2022-1885

Malicious code in charting-library-angular5 (npm)

Published Jun 20, 2022

MAL-2022-1633

Malicious code in bmw-angular-framework (npm)

Published Jun 20, 2022

CVE-2025-66035

Angular is Vulnerable to XSRF Token Leakage via Protocol-Relative URLs in Angular HTTP Client

Published Nov 26, 2025

CVE-2021-21277HIGH

Angular Expressions - Remote Code Execution

Published Feb 1, 2021

MAL-2022-5339

Malicious code in pingone-angular-sdk (npm)

Published Jun 20, 2022

MAL-2025-191521

Malicious code in nova-angular-project (npm)

Published Dec 1, 2025

MAL-2022-85

Malicious code in @atlas-angular/logger (npm)

Published Jun 21, 2022

MAL-2023-95

Malicious code in angular-portal-dependencies (npm)

Published Feb 7, 2023

CVE-2017-16009MEDIUM

XSS via Angular Expression in ag-grid

Published Sep 1, 2020

MAL-2022-3218

Malicious code in frontegg-angular (npm)

Published Jun 20, 2022

MAL-2025-1571

Malicious code in appauth-angular-app (npm)

Published Feb 28, 2025

MAL-2022-2774

Malicious code in epm-rdpt-angularjs (npm)

Published Jul 25, 2022

GHSA-vmhw-fhj6-m3g5

Path Traversal in angular-http-server

Published May 31, 2019

MAL-2025-4550

Malicious code in angular-tealium (npm)

Published May 26, 2025

MAL-2022-1007

Malicious code in angular-directive-seed (npm)

Published Jun 20, 2022

CVE-2026-33397

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

Published Mar 19, 2026

MAL-2022-1011

Malicious code in angularanijmate (npm)

Published Aug 19, 2022

MAL-2022-1012

Malicious code in angularfire-seed (npm)

Published Jun 20, 2022

MAL-2025-1182

Malicious code in traceviz-angular-trace (npm)

Published Feb 3, 2025

MAL-2022-1993

Malicious code in collab-ui-angular (npm)

Published Jun 20, 2022

MAL-2025-3981

Malicious code in angular-monash (npm)

Published May 19, 2025

MAL-2022-284

Malicious code in @gco-angular/communication-facade (npm)

Published Jun 20, 2022

MAL-2022-285

Malicious code in @gco-angular/rxjs-utils (npm)

Published Jun 20, 2022

MAL-2022-4857

Malicious code in nishant-ok-angularjs (npm)

Published Jul 25, 2022

MAL-2025-1202

Malicious code in @devstack-angular/jdai (npm)

Published Feb 3, 2025

MAL-2022-5346

Malicious code in piwik-pro-angular-tracking (npm)

Published Jun 20, 2022

MAL-2025-4967

Malicious code in traceviz-angular-core (npm)

Published Jun 15, 2025

MAL-2024-7943

Malicious code in coralui-support-angular (npm)

Published Aug 7, 2024

MAL-2026-3276

Malicious code in accesso-angular-cache-buster (npm)

Published May 4, 2026

MAL-2022-3209

Malicious code in freekws-devportal-api-client-angular (npm)

Published Aug 22, 2022

MAL-2024-11142

Malicious code in flutter-angular-bridge (npm)

Published Nov 29, 2024

MAL-2025-190971

Malicious code in itobuz-angular (npm)

Published Nov 24, 2025

MAL-2025-190972

Malicious code in itobuz-angular-auth (npm)

Published Nov 24, 2025

MAL-2022-5943

Malicious code in sbb-angular (npm)

Published Jun 20, 2022

MAL-2022-6126

Malicious code in simplemde-angular (npm)

Published Jun 20, 2022

MAL-2025-268

Malicious code in aem-angular-editable-components (npm)

Published Jan 21, 2025

MAL-2025-191322

Malicious code in @trackstar/angular-trackstar-link (npm)

Published Nov 24, 2025

MAL-2025-191325

Malicious code in @trackstar/test-angular-package (npm)

Published Nov 24, 2025

MAL-2024-8969

Malicious code in design-system-components-angular (npm)

Published Sep 25, 2024

MAL-2025-330

Malicious code in angular-blockchain-wallet (npm)

Published Jan 22, 2025

CVE-2025-59052

Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage

Published Sep 10, 2025

CVE-2026-27738

Angular SSR has an Open Redirect via X-Forwarded-Prefix

Published Feb 25, 2026

MAL-2022-1005

Malicious code in angular-codemirror (npm)

Published Jun 20, 2022

MAL-2022-1010

Malicious code in angular-tz-extensions (npm)

Published Jun 20, 2022

MAL-2026-1860

Malicious code in tdangularjs (npm)

Published Mar 18, 2026

Check your entire dependency tree at onceRun dependency scan →