{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ab1ceb0b-4d10-57c3-9e94-323a1bdfc1cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2", "type": "library", "name": "@angular/animations", "version": "8.0.3-tuxcare.2", "purl": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:255c4c2a-8a13-582b-93a9-75bca34775a5", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6f4f654-3032-5eb8-bd7e-a257174b1e3a", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f31625d-d996-54f9-b651-b1c3d5470213", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8efd6d46-0b67-5a53-a1ae-5318cc0d3d20", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff0d212b-5b05-5b62-be46-7014b1057a87", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddfa4ed4-d5fd-5cca-ac11-6552d7fcc663", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.2 of @angular/animations. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc027632-10e6-56ed-bb07-61a5142bec2c", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3db0a8b3-ff46-509e-b717-eaffbf90d931", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b653939-2009-5b1c-8f25-5ec7bb7deb51", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:687eb9a5-72b9-5f2e-a7b5-cb9fa8a9d41c", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.2 of @angular/animations. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c11debf6-7913-5eb7-ad5b-f00253f7109c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76456af0-98ee-5b61-8702-700eb4bbb915", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50f8f950-ba76-5aca-8e95-a13c2e3beee4", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69a19bac-0313-5059-a925-0f6d27734bfd", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26707e97-22bb-599b-9c6d-52db42d41e35", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3651963-1cb5-518f-9888-6112b082e5e5", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a50f468-2752-5197-8216-675f0a33763d", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.2 of @angular/animations. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e0098f1-e7f8-5182-b0be-2f17469baf2a", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cc1209a-e890-5c01-a63c-80eec52c2875", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.2 of @angular/animations. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0989702-db51-5316-b143-ece005dbc630", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f31b21c8-af88-52f2-a68a-9c813e12acb6", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.2 of @angular/animations." }, "affects": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/animations@8.0.3-tuxcare.2" } ] }