{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b815588d-7686-573b-9b3a-293013904745", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/animations@17.1.0", "type": "library", "name": "@angular/animations", "version": "17.1.0", "purl": "pkg:npm/%40angular/animations@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:895e5d38-c5a4-5140-b7b5-1a37eba9d73f", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:73f1922e-d620-5dd2-8436-84eda0aca46f", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:3611d456-ddad-590f-878b-f9c83786247b", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:49e625a9-629c-5655-8d74-d31f92d7f6d1", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:e361513b-c5a8-5cba-9439-85c81ea81f32", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:8b0bf611-3180-593f-9402-0a07ec27bfb2", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:781f2084-5767-5493-b0d8-7352bb7d06a9", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:63a00c5f-4e51-50fd-822d-5745dc8521a3", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:01fe747b-c9be-508f-8aaf-c2c9334ba1b7", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:3f8ae72c-a73e-5a06-9fc8-e72e54e2b0e6", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:5b9a17ce-020e-5bf1-90b8-06e1d8ab1f19", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:a04fd156-4dbb-55f0-aa1a-fbb5b327b156", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:efdd34d6-57a3-52b1-ae8b-f2d7914527ec", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:35419888-3d2e-5391-beb3-dc463c866dfe", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:9c47e961-9f00-55a9-9b6e-93d894105c88", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:77023de4-2a2e-5e53-9c63-e56cbfc67cdb", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:be6f2c7f-db3f-5a5b-bae9-f1c28c1e5d7b", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:942184cb-35c6-5bf2-950b-8596502a6813", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/animations. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:fd1cfb92-6934-5848-bab3-8a7f1f6161bb", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:5f34910e-c283-5fc4-8c0c-d12e7da5a099", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }, { "bom-ref": "urn:uuid:e4949b85-42c7-5d6e-99eb-c0f2cb375d72", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/animations@17.1.0" } ] }