NodeJS/angular/1.6.4


HTML enhanced for web apps

https://www.npmjs.com/package/angular
MIT

8 Security Vulnerabilities

angular vulnerable to regular expression denial of service via the $resource service

Published date: 2023-03-30T06:30:26Z
CVE: CVE-2023-26117
Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]
Secure versions: []

angular vulnerable to regular expression denial of service via the angular.copy() utility

Published date: 2023-03-30T06:30:26Z
CVE: CVE-2023-26116
Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]
Secure versions: []

angular vulnerable to super-linear runtime due to backtracking

Published date: 2024-02-10T06:30:19Z
CVE: CVE-2024-21490
Links:

This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service.

Note:

This package is EOL and will not receive any updates to address this issue. Users should migrate to @angular/core.

Affected versions: ["1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.5.8", "1.4.13", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]
Secure versions: []

XSS via JQLite DOM manipulation functions in AngularJS

Published date: 2020-08-05T21:47:02Z
Links:

Summary

XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element.

Description

JQLite (DOM manipulation library that's part of AngularJS) manipulates input HTML before inserting it to the DOM in jqLiteBuildFragment.

One of the modifications performed expands an XHTML self-closing tag.

If jqLiteBuildFragment is called (e.g. via new JQLite(aString)) with user-controlled HTML string that was sanitized (e.g. with DOMPurify), the transformation done by JQLite may modify some forms of an inert, sanitized payload into a payload containing JavaScript - and trigger an XSS when the payload is inserted into DOM.

This is similar to a bug in jQuery htmlPrefilter function that was fixed in 3.5.0.

Proof of concept

const inertPayload = `<div><style><style/><img src=x onerror="alert(1337)"/>` 

Note that the style element is not closed and <img would be a text node inside the style if inserted into the DOM as-is. As such, some HTML sanitizers would leave the <img as is without processing it and stripping the onerror attribute.

angular.element(document).append(inertPayload);

This will alert, as <style/> will be replaced with <style></style> before adding it to the DOM, closing the style element early and reactivating img.

Patches

The issue is patched in JQLite bundled with angular 1.8.0. AngularJS users using JQuery should upgrade JQuery to 3.5.0, as a similar vulnerability affects jQuery <3.5.0.

Workarounds

Changing sanitizer configuration not to allow certain tag grouping (e.g. <option><style></option>) or inline style elements may stop certain exploitation vectors, but it's uncertain if all possible exploitation vectors would be covered. Upgrade of AngularJS to 1.8.0 is recommended.

References

https://github.com/advisories/GHSA-mhp6-pxh8-r675 https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://snyk.io/vuln/SNYK-JS-ANGULAR-570058

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9"]
Secure versions: []

Prototype Pollution in angular

Published date: 2019-11-20T15:29:43Z
CVE: CVE-2019-10768
Links:

Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge() does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.

Recommendation

Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8"]
Secure versions: []

Cross site scripting in Angular

Published date: 2020-06-18T14:19:58Z
CVE: CVE-2020-7676
Links:

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping <option> elements in <select> ones changes parsing behavior, leading to possibly unsanitizing code.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9"]
Secure versions: []

Angular (deprecated package) Cross-site Scripting

Published date: 2022-07-16T00:00:20Z
CVE: CVE-2022-25869
Links:

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

NPM package angular is deprecated. Those who want to receive security updates should use the actively maintained package @angular/core.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]
Secure versions: []

angular vulnerable to regular expression denial of service via the <input type="url"> element

Published date: 2023-03-30T06:30:25Z
CVE: CVE-2023-26118
Links:

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.

Affected versions: ["0.0.1", "0.0.1-1", "0.0.1-2", "0.0.2", "0.0.3", "0.0.4", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "1.0.6", "1.0.7", "1.0.8", "1.1.0", "1.1.1", "1.1.2", "1.1.3", "1.1.4", "1.1.5", "1.2.0", "1.2.1", "1.2.2", "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.7", "1.2.8", "1.2.9", "1.2.10", "1.2.11", "1.2.12", "1.2.13", "1.2.14", "1.2.15", "1.2.16", "1.2.17", "1.2.18", "1.2.19", "1.2.20", "1.2.21", "1.2.22", "1.2.23", "1.3.0-rc.5", "1.3.0", "1.3.1", "1.3.2", "1.3.3", "1.3.4-build.3588", "1.2.27", "1.3.4", "1.3.5", "1.3.6", "1.3.7", "1.2.28", "1.3.8", "1.4.0-beta.0", "1.3.9", "1.3.10", "1.4.0-beta.1", "1.4.0-beta.2", "1.3.11", "1.4.0-beta.3", "1.3.12", "1.3.13", "1.4.0-beta.4", "1.3.14", "1.4.0-beta.5", "1.4.0-beta.6", "1.3.15", "1.4.0-rc.0", "1.4.0-rc.1", "1.4.0-rc.2", "1.4.0", "1.3.16", "1.4.1", "1.4.2", "1.3.17", "1.4.3", "1.4.4", "1.3.18", "1.4.5", "1.3.19", "1.4.6", "1.5.0-beta.0", "1.2.29", "1.3.20", "1.4.7", "1.5.0-beta.2", "1.4.8", "1.5.0-rc.0", "1.5.0-rc.1", "1.4.9", "1.5.0-rc.2", "1.5.0", "1.5.1", "1.4.10", "1.5.2", "1.5.3", "1.5.5", "1.4.11", "1.5.6", "1.4.12", "1.5.7", "1.2.30", "1.5.8", "1.4.13", "1.2.31", "1.2.32", "1.4.14", "1.6.0-rc.0", "1.6.0-rc.1", "1.5.9", "1.6.0-rc.2", "1.6.0", "1.5.10", "1.6.1", "1.5.11", "1.6.2", "1.6.3", "1.6.4", "1.6.5", "1.6.6", "1.6.7", "1.6.8", "1.6.9", "1.6.10", "1.7.0-rc.0", "1.7.0", "1.7.1", "1.7.2", "1.7.3", "1.7.4", "1.7.5", "1.7.6", "1.7.7", "1.7.8", "1.7.9", "1.8.0", "1.8.1", "1.8.2", "1.8.3"]
Secure versions: []

144 Other Versions

Version License Security Released
1.8.3 MIT 6 2022-04-07 - 22:12 almost 2 years
1.8.2 MIT 6 2020-10-21 - 11:58 over 3 years
1.8.1 MIT 6 2020-10-05 - 13:27 over 3 years
1.8.0 MIT 6 2020-06-04 - 16:24 almost 4 years
1.7.9 MIT 8 2019-11-19 - 09:30 over 4 years
1.7.8 MIT 9 2019-03-11 - 11:41 about 5 years
1.7.7 MIT 9 2019-02-04 - 13:18 about 5 years
1.7.6 MIT 9 2019-01-17 - 09:45 about 5 years
1.7.5 MIT 9 2018-10-04 - 14:16 over 5 years
1.7.4 MIT 9 2018-09-07 - 09:30 over 5 years
1.7.3 MIT 9 2018-08-08 - 19:19 over 5 years
1.7.2 MIT 9 2018-06-12 - 15:27 almost 6 years
1.7.1 MIT 9 2018-06-08 - 14:32 almost 6 years
1.7.0 MIT 9 2018-05-11 - 15:01 almost 6 years
1.7.0-rc.0 MIT 8 2018-04-19 - 09:09 almost 6 years
1.6.10 MIT 8 2018-04-17 - 17:48 almost 6 years
1.6.9 MIT 8 2018-02-02 - 13:13 about 6 years
1.6.8 MIT 8 2017-12-21 - 22:09 over 6 years
1.6.7 MIT 8 2017-11-24 - 18:20 over 6 years
1.6.6 MIT 8 2017-08-18 - 14:39 over 6 years
1.6.5 MIT 8 2017-07-03 - 19:52 over 6 years
1.6.4 MIT 8 2017-03-31 - 09:31 almost 7 years
1.6.3 MIT 8 2017-03-08 - 12:38 about 7 years
1.6.2 MIT 8 2017-02-07 - 13:59 about 7 years
1.6.1 MIT 8 2016-12-23 - 11:00 over 7 years
1.6.0 MIT 8 2016-12-08 - 12:16 over 7 years
1.6.0-rc.2 MIT 9 2016-11-24 - 22:07 over 7 years
1.6.0-rc.1 MIT 9 2016-11-21 - 14:01 over 7 years
1.6.0-rc.0 MIT 9 2016-10-27 - 20:13 over 7 years
1.5.11 MIT 9 2017-01-12 - 23:45 about 7 years
1.5.10 MIT 9 2016-12-16 - 10:47 over 7 years
1.5.9 MIT 9 2016-11-24 - 20:17 over 7 years
1.5.8 MIT 9 2016-07-22 - 15:29 over 7 years
1.5.7 MIT 9 2016-06-15 - 19:26 almost 8 years
1.5.6 MIT 9 2016-05-27 - 17:30 almost 8 years
1.5.5 MIT 9 2016-04-18 - 09:47 almost 8 years
1.5.3 MIT 9 2016-03-25 - 20:35 about 8 years
1.5.2 MIT 9 2016-03-18 - 22:59 about 8 years
1.5.1 MIT 9 2016-03-16 - 13:35 about 8 years
1.5.0 MIT 9 2016-02-05 - 12:01 about 8 years
1.5.0-rc.2 MIT 9 2016-01-28 - 12:26 about 8 years
1.5.0-rc.1 MIT 9 2016-01-15 - 22:28 about 8 years
1.5.0-rc.0 MIT 9 2015-12-09 - 14:35 over 8 years
1.5.0-beta.2 MIT 9 2015-11-18 - 00:22 over 8 years
1.5.0-beta.0 MIT 10 2015-09-17 - 14:01 over 8 years
1.4.14 MIT 10 2016-10-11 - 17:45 over 7 years
1.4.13 MIT 10 2016-10-10 - 21:46 over 7 years
1.4.12 MIT 10 2016-06-15 - 17:58 almost 8 years
1.4.11 MIT 10 2016-05-27 - 12:17 almost 8 years
1.4.10 MIT 10 2016-03-16 - 19:58 about 8 years
1.4.9 MIT 10 2016-01-21 - 13:22 about 8 years
1.4.8 MIT 10 2015-11-20 - 08:13 over 8 years
1.4.7 MIT 10 2015-09-29 - 23:06 over 8 years
1.4.6 MIT 10 2015-09-17 - 12:28 over 8 years
1.4.5 MIT 10 2015-08-28 - 19:58 over 8 years
1.4.4 MIT 10 2015-08-13 - 18:56 over 8 years
1.4.3 MIT 10 2015-07-15 - 02:01 over 8 years
1.4.2 MIT 10 2015-07-06 - 21:30 over 8 years
1.4.1 MIT 10 2015-06-16 - 14:11 almost 9 years
1.4.0 MIT 10 2015-05-27 - 01:48 almost 9 years
1.4.0-rc.2 MIT 10 2015-05-12 - 19:24 almost 9 years
1.4.0-rc.1 MIT 10 2015-04-24 - 18:59 almost 9 years
1.4.0-rc.0 MIT 10 2015-04-10 - 18:09 almost 9 years
1.4.0-beta.6 MIT 10 2015-03-17 - 12:17 about 9 years
1.4.0-beta.5 MIT 10 2015-02-24 - 19:39 about 9 years
1.4.0-beta.4 MIT 10 2015-02-09 - 11:29 about 9 years
1.4.0-beta.3 MIT 10 2015-02-03 - 21:36 about 9 years
1.4.0-beta.2 MIT 10 2015-01-26 - 23:14 about 9 years
1.4.0-beta.1 MIT 10 2015-01-20 - 20:55 about 9 years
1.4.0-beta.0 MIT 10 2015-01-14 - 21:25 about 9 years
1.3.20 MIT 10 2015-09-29 - 22:34 over 8 years
1.3.19 MIT 10 2015-09-16 - 21:19 over 8 years
1.3.18 MIT 10 2015-08-18 - 22:40 over 8 years
1.3.17 MIT 10 2015-07-06 - 21:53 over 8 years
1.3.16 MIT 10 2015-06-05 - 21:20 almost 9 years
1.3.15 MIT 10 2015-03-17 - 13:15 about 9 years
1.3.14 MIT 10 2015-02-24 - 19:10 about 9 years
1.3.13 MIT 10 2015-02-09 - 11:10 about 9 years
1.3.12 MIT 10 2015-02-03 - 21:51 about 9 years
1.3.11 MIT 10 2015-01-26 - 23:34 about 9 years
1.3.10 MIT 10 2015-01-20 - 20:39 about 9 years
1.3.9 MIT 10 2015-01-14 - 23:22 about 9 years
1.3.8 MIT 10 2014-12-19 - 21:43 over 9 years
1.3.7 MIT 10 2014-12-15 - 22:02 over 9 years
1.3.6 MIT 10 2014-12-09 - 00:28 over 9 years
1.3.5 MIT 10 2014-12-02 - 05:35 over 9 years
1.3.4 MIT 10 2014-11-24 - 23:46 over 9 years
1.3.4-build.3588 MIT 10 2014-11-20 - 22:52 over 9 years
1.3.3 MIT 10 2014-11-18 - 08:09 over 9 years
1.3.2 MIT 10 2014-11-07 - 19:31 over 9 years
1.3.1 MIT 10 2014-10-31 - 17:49 over 9 years
1.3.0 MIT 10 2014-10-13 - 22:39 over 9 years
1.3.0-rc.5 MIT 9 2014-10-08 - 23:07 over 9 years
1.2.32 MIT 9 2016-10-11 - 17:12 over 7 years
1.2.31 MIT 9 2016-10-11 - 08:53 over 7 years
1.2.30 MIT 9 2016-07-21 - 10:34 over 7 years
1.2.29 MIT 9 2015-09-29 - 22:02 over 8 years
1.2.28 MIT 9 2014-12-15 - 22:36 over 9 years
1.2.27 MIT 9 2014-11-20 - 23:32 over 9 years
1.2.23 MIT 9 2014-08-31 - 00:18 over 9 years