{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:721a009c-c51f-5324-9721-7d0d60f28022", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1", "type": "library", "name": "@angular/animations", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4926606f-b7da-5208-8675-31765830aa3c", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31a68b1c-1972-5126-8a44-26b65126441d", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d22d3a9-c2e5-5775-9d7a-cc56c0ac5a6f", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:caa0a8cb-536a-5731-bacb-aa4061cca4fc", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f361cf3-a7d6-52e0-99a1-1b7e8b9c6bf0", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f991b47-412a-571d-8bcf-1f251cc95194", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0624af00-6492-5740-b658-cc81f433a858", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb8236ee-33e4-5f6c-a179-52df0fcecaf6", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a3c0f7a-73a1-51e9-8364-c76ef9041a83", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/animations. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6979ad5-8dde-50b7-879c-4d44494264a7", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3dc75395-50de-58aa-b480-1b8027e8a8d7", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7baa9b04-e673-50d7-b020-66ed34960f5e", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14fcfecf-0fa3-5c3d-819a-837166191768", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85273deb-711b-5417-ae70-b8b5ee96784c", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abb593de-b5f2-5599-83a3-c7c0bcb262a1", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90f01adc-374b-5b44-a8b1-a964763b07b4", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dfd3c12-70ab-5372-8c27-4abcc2c51595", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/animations. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b6dff6a-2347-599e-a968-53094c61f503", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/animations. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:967f994e-f6da-538b-b597-61ec715d64e3", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79b80ff1-df40-5d64-b4dc-40effc7b09ee", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/animations@14.2.12-tuxcare.1" } ] }