What CVE's have appeared in AngularJS since becoming End-of-Life (EOL)?

Since AngularJS reached End-of-Life (EOL) on December 31, 2021, a number of CVEs have been publicly disclosed:

  • CVE-2024-8373 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in XLTS for AngularJS versions 1.9.6 and 1.5.22 and notified our AngularJS announcement lists.
  • CVE-2024-8372 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in XLTS for AngularJS versions 1.9.6 and 1.5.22 and notified our AngularJS announcement lists.
  • CVE-2024-21490 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this High Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.9.3 and 1.5.19 and notified our AngularJS announcement lists.
  • CVE-2023-26118 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.9.1 and 1.5.17. We then emailed our XLTS for AngularJS announcement lists about the release on January 20, 2023.
  • CVE-2023-26117 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.9.1 and 1.5.17. We then emailed our XLTS for AngularJS announcement lists about the release on January 20, 2023.
  • CVE-2023-26116 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.9.1 and 1.5.17. We then emailed our XLTS for AngularJS announcement lists about the release on January 20, 2023.
  • CVE-2022-25869 - XLTS.dev discovered this vulnerability during our routine cross-browser End-To-End testing automation. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS versions 1.9.0 and 1.5.16. We then emailed our XLTS for AngularJS announcement lists about the release on May 25, 2022 (for 1.9.0) and June 15, 2022 (for 1.5.16).
  • CVE-2022-25844 - XLTS.dev discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, XLTS.dev provided a fix in XLTS for AngularJS version 1.8.8 and emailed our XLTS for AngularJS announcement list about the release on April 21, 2022.

For a full list of known vulnerabilities in AngularJS (including those impacting older versions of AngularJS), you can visit the AngularJS vulnerabilities page on Snyk.

Sep 9, 2024