NVD Listing:- NVD - CVE-2025-4690

Bug Fixes 

ngSanitize: Fixed a Regular Expression Denial of Service (ReDoS) vulnerability in the linky filter’s URL-matching regex. The previous pattern could exhibit super-linear runtime due to catastrophic backtracking, allowing malicious input to hang the application. The updated implementation uses a hardened regex that prevents backtracking while preserving correct URL and email detection.

NVD LIsting : NVD - CVE-2019-10768

Fixes

• merge(): Addressed an issue where the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload (CVE-2019-10768). 
• textarea: Addressed an issue where, in Internet Explorer (IE), value interpolation was omitted in <textarea> elements when using the browser back/forward functionality. For details, see CVE-2022-25869 and SNYK-JS-ANGULAR-2949781.  
• JQLite: Addressed an issue that prevented possible Cross-site Scripting (XSS) due to regex-based HTML replacement. For details, see SNYK-JS-ANGULAR-572020. 
• $sanitize: Addressed an issue that prevented clobbered elements from freezing the browser. For details, see SNYK-JS-ANGULAR-471885. 
• $sanitize: Improved $sanitize to use appropriate inert document strategy for Firefox and Safari. If needed, use a DOMParser or XHR strategy to address XSS vulnerability. For details, see SNYK-JS-ANGULAR-471882. 
• sanitizeUri: Fixed Cross-site Scripting (XSS) by sanitizing URIs that contain IDEOGRAPHIC SPACE chars. For details, see SNYK npm:angular:20171018. 

NVD Listing: NVD - CVE-2025-4690

Bug Fixes 

• ngSanitize: Fixed a Regular Expression Denial of Service (ReDoS) vulnerability in the linky filter’s URL-matching regex. The previous pattern could exhibit super-linear runtime due to catastrophic backtracking, allowing malicious input to hang the application. The updated implementation uses a hardened regex that prevents backtracking while preserving correct URL and email detection. For more details, see CVE-2025-4690. 

NVD Listing: NVD - CVE-2025-4690

Bug Fixes 

• ngSanitize: Fixed a Regular Expression Denial of Service (ReDoS) vulnerability in the linky filter’s URL-matching regex. The previous pattern could exhibit super-linear runtime due to catastrophic backtracking, allowing malicious input to hang the application. The updated implementation uses a hardened regex that prevents backtracking while preserving correct URL and email detection. For more details, see CVE-2025-4690. 

NVD Listing::- NVD - CVE-2025-2336

Bug Fixes 

• ngSanitize: AngularJS SVG image content spoofing vulnerability allows attackers to bypass common image source restrictions normally applied to image elements. URI attributes on SVG <image> tags (href, xlink:href, ng-href) are now properly sanitized. For more details, see CVE-2025-2336. 

NVD Listing :- NVD - CVE-2025-2336

Bug Fixes 

• ngSanitize: AngularJS SVG image content spoofing vulnerability allows attackers to bypass common image source restrictions normally applied to image elements. URI attributes on SVG <image> tags (href, xlink:href, ng-href) are now properly sanitized. For more details, see CVE-2025-2336. 

NVD Listing :- NVD - CVE-2025-2336

Bug Fixes 

• ngSanitize: AngularJS SVG image content spoofing vulnerability allows attackers to bypass common image source restrictions normally applied to image elements. URI attributes on SVG <image> tags (href, xlink:href, ng-href) are now properly sanitized. For more details, see CVE-2025-2336.