{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bffcc9fc-57d6-5e9d-8234-eaedd348dc81", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4", "type": "library", "name": "@angular/animations", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be16e6f1-52af-53a1-afe1-c710c6a346fa", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/animations. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:392e6977-ee89-5de3-8d95-46807b3339d9", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44c9f5b2-c406-5278-8227-fc7fecf1951f", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40878713-cf5d-5ffc-8bd7-86a3045db067", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5edb7df4-8043-5909-bcd8-c0c2709036ad", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c451f725-1fba-5a95-b96e-f7fafdc7eddc", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72e2d431-2d32-5403-9fa4-e6607732cdcc", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26cefd7d-360d-5d80-88f8-270fa82252d6", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cee1c321-2022-58b8-b1cb-9cc86d151172", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e8e183b-d1b4-5dde-9164-004e0b786672", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:036299a4-215f-5d82-a5ab-540e3c1f8018", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffdee69b-b78c-5baa-aeea-b4090cb5eb89", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:887c1db8-d480-51f5-8d80-a42741fc08b8", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:071f7218-eeab-50cc-accc-90d680e58f02", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68bb9588-3643-554a-a7a7-ef0353337c8b", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88fbf94e-dad7-5b45-8aa8-333cf300bdae", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/animations@19.2.21-tuxcare.4" } ] }