Skip to main content

Angular Expressions

3 CVEs product

Monthly

CVE-2026-44643 npm CRITICAL POC PATCH GHSA Act Now

Remote code execution in angular-expressions versions ≤1.5.1 allows unauthenticated network attackers to escape the expression sandbox via malicious filter payloads and execute arbitrary system commands with no user interaction required. CVSS 9.3 (Critical) with confirmed public exploit code available. Vendor-released patch in version 1.5.2 addresses the sandbox escape. Affects applications using angular-expressions as a standalone module for evaluating user-supplied Angular.JS expressions.

Code Injection RCE Angular Expressions
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2021-21277 npm HIGH PATCH This Week

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Angular Expressions
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-5219 npm HIGH PATCH This Week

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Angular Expressions
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Remote code execution in angular-expressions versions ≤1.5.1 allows unauthenticated network attackers to escape the expression sandbox via malicious filter payloads and execute arbitrary system commands with no user interaction required. CVSS 9.3 (Critical) with confirmed public exploit code available. Vendor-released patch in version 1.5.2 addresses the sandbox escape. Affects applications using angular-expressions as a standalone module for evaluating user-supplied Angular.JS expressions.

Code Injection RCE Angular Expressions
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

angular-expressions is "angular's nicest part extracted as a standalone module for the browser and node". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Angular Expressions
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Angular Expressions
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy