{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:704aceed-6de0-5d89-81f7-ab4ed6eaac9e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1", "type": "library", "name": "@angular/animations", "version": "7.2.1-tuxcare.1", "purl": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:09f7dd11-83b1-5694-8676-872ca715719b", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a6aab61-126d-5483-8ade-63f85b625e77", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6c78cab-faa2-563b-816a-eb1c726878a6", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69a05b73-255c-5ca7-8eda-f65d926b0758", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:069aba48-e903-54b8-aada-273cb858a282", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9808218c-bc6f-5bb4-affe-2d2850080dea", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 7.2.1-tuxcare.1 of @angular/animations. not_affected \u2014 Angular v7.2.1-tuxcare.2 is NOT affected by CVE-2026-41423. The vulnerability requires WHATWG URL parsing with hostname exposure, but this version uses Node.js url.parse() and does not expose hostname/protocol/port properties. The architectural difference between v7.2.1 (legacy url.parse, no hostname tracking) and v8.2.14+ (WHATWG URL, hostname tracking) means the vulnerability pattern does not..." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c8c5f73-0054-557c-be1a-d1f54521d30f", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:337d522e-7932-5a64-bedc-def1721ae7ca", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7be4218e-c20d-5a92-9d32-706fb5f4072e", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8448941-9968-510e-bbe5-b3eb528f0b6c", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 7.2.1-tuxcare.1 of @angular/animations. not_affected \u2014 Angular v7.2.1-tuxcare.2 is not affected by CVE-2026-50170. The HTTP Transfer Cache feature that contains the vulnerability does not exist in this version. The feature was introduced in Angular v16+, while this target is v7.2.1." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7888f335-a9bb-58a1-beba-e42fae6997fe", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e10e545d-8f2c-5bcc-ba87-b9719f0ab312", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b173712-1307-588c-a120-23db61f5be46", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83afd465-c57c-58cc-be6b-b5a05151f347", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b0cd256-be78-5a99-b787-285f41ccb97e", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54e19647-aa6e-5f13-877f-679499bec44c", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:924340a8-7df1-5ecb-8be8-b2907dc11193", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 7.2.1-tuxcare.1 of @angular/animations. not_affected \u2014 The target Angular v7.2.1-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The vulnerability pattern (service worker forwarding sensitive headers on cross-origin redirects) does not exist in this version's architecture. Asset-group requests are reconstructed from URLs only without headers, and data-group requests delegate to the browser's native fetch which handles redirects per Fetch specification." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a70316c-88d5-54e6-b92d-d7aeb806d4b0", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 7.2.1-tuxcare.1 of @angular/animations. not_affected \u2014 Angular 7.2.1 uses View Engine, not Ivy. CVE-2026-54265 is specific to Ivy's template pipeline and the TwoWayProperty operation kind, which does not exist in View Engine. In View Engine, two-way bindings are desugared at parse time into separate property and event bindings, with the property binding receiving identical sanitization as one-way bindings through the same code path." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:302814a7-5188-5e7a-bb93-322627229c8c", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 7.2.1-tuxcare.1 of @angular/animations. not_affected \u2014 Angular v7.2.1 is not affected by CVE-2026-54266. The HttpTransferCache feature containing the vulnerable weak hash function does not exist in this version. The feature was introduced in Angular v16+, while the target repository is Angular v7.2.1-tuxcare.2." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e33f174-2185-538c-8b17-6bd0b1694cc7", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7131a854-be2f-5837-b351-4d995ccd1da9", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 7.2.1-tuxcare.1 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/animations@7.2.1-tuxcare.1" } ] }