angular-expressions

npm4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting angular-expressionspage 1 of 1

CVE-2020-5219HIGHCVSS 8.7EG 8.7✓ Fixed in 1.0.1
2020-01-24
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the bro…
CVE-2021-21277HIGHCVSS 8.5EG 8.5✓ Fixed in 1.1.2
2021-02-01
angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". In angular-expressions before version 1.1.2 there is a vulnerability which allows Remote Code Execution if you call "expressions.comp…
CVE-2024-54152CRITICALCVSS 9.3EG 0.0✓ Fixed in 1.4.3
2024-12-10
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a…
CVE-2026-44643CRITICALCVSS 10.0EG 10.0✓ Fixed in 1.5.2
2026-05-11
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. …

Check whether angular-expressions is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for angular-expressions CVEs against the assets you own.

Start Free Scan →