HeroDevs
Visit AngularJS NES Home Page

Vulnerabilities Fixed in NES

Resolved vulnerabilities since AngularJS reached End‑of‑Life (EOL)

Since AngularJS reached End‑of‑Life (EOL) on December 31, 2021, a number of vulnerabilities have been fixed in AngularJS NES and AngularJS 1.5 NES, including some newly disclosed CVEs

  • CVE-2025-4690 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.10 and 1.5.26 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2025-2336 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.9 and 1.5.25 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2025-0716 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.8 and 1.5.24 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2024-8373 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.6 and 1.5.22 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2024-8372 - HeroDevs discovered the vulnerability during our routine scans and analysis and disclosed this Medium Severity CVE. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.6 and 1.5.22 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2024-21490 - HeroDevs discovered this vulnerability during our routine scans and analysis. We disclosed this High Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.3 and 1.5.19 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2023-26118 - HeroDevs discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.1 and 1.5.17 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2023-26117 - HeroDevs discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.1 and 1.5.17 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2023-26116 - HeroDevs discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.1 and 1.5.17 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2022-25869 - HeroDevs discovered this vulnerability during our routine cross-browser End-To-End testing automation. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES versions 1.9.0 and 1.5.16 and notified our AngularJS announcement lists. The vulnerability has also been fixed in AngularJS NES version 1.4.16.
  • CVE-2022-25844 - HeroDevs discovered this vulnerability during our routine scans and analysis. We disclosed this Medium Severity CVE through Snyk. Prior to this CVE being published, HeroDevs provided a fix in AngularJS NES version 1.8.8 and notified our AngularJS announcement lists.
  • SNYK-JS-ANGULAR-572020 - This High Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.13 and 1.4.16.
  • CVE-2020-7676 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.13 and 1.4.16.
  • CVE-2019-14863 - This High Severity vulnerability had already been fixed in AngularJS 1.8.x and 1.5.x before reaching End‑of‑Life, but not in version 1.4.x. HeroDevs backported the fix and released it in AngularJS NES version 1.4.16.
  • CVE-2019-10768 - This High Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.14 and 1.4.16.
  • SNYK-JS-ANGULAR-471885 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.14 and 1.4.16.
  • SNYK-JS-ANGULAR-471882 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.14 and 1.4.16.
  • SNYK-JS-ANGULAR-471879 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.15 and 1.4.16.
  • npm:angular:20180202 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.14 and 1.4.16.
  • npm:angular:20171018 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.13 and 1.4.16.
  • npm:angular:20160122 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x and 1.5.x before reaching End‑of‑Life, but not in version 1.4.x. HeroDevs backported the fix and released it in AngularJS NES version 1.4.16.
  • npm:angular:20151205 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x and 1.5.x before reaching End‑of‑Life, but not in version 1.4.x. HeroDevs backported the fix and released it in AngularJS NES version 1.4.16.
  • npm:angular:20150909 - This High Severity vulnerability had already been fixed in AngularJS 1.8.x and 1.5.x before reaching End‑of‑Life, but not in version 1.4.x. HeroDevs backported the fix and released it in AngularJS NES version 1.4.16.
  • npm:angular:20150807-1 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x and 1.5.x before reaching End‑of‑Life, but not in version 1.4.x. HeroDevs backported the fix and released it in AngularJS NES version 1.4.16.
  • npm:angular:20150315 - This Medium Severity vulnerability had already been fixed in AngularJS 1.8.x before reaching End‑of‑Life, but not in versions 1.5.x and 1.4.x. HeroDevs backported the fix and released it in AngularJS NES versions 1.5.15 and 1.4.16.

For a full list of known vulnerabilities in AngularJS (including those impacting older versions of AngularJS), you can visit the AngularJS vulnerabilities page on Snyk.

Types of Fixes
Can you provide detail on the kind of fixes included?
Previous Article
Configuring from XLTS
How do I configure AngularJS if I was an XLTS customer?
Next Article