{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4cdce7a8-8e23-5a80-a551-b058659b6f81", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/bazel@14.2.12", "type": "library", "name": "@angular/bazel", "version": "14.2.12", "purl": "pkg:npm/%40angular/bazel@14.2.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:324d35cf-a53a-5970-a08c-4ab9d15d92cd", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:6f155330-fcd8-574c-a2e5-510f6f9aca09", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:ebd22675-2140-548f-869b-97a681149bb7", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:96370f03-b481-544c-8c5a-a274b6def1cb", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:58491953-617d-59a2-bfeb-79fe8991c413", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:60053c80-1a17-5db1-9579-bebb0182cd6d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:490d212a-3196-5316-8ba1-93566a4de79b", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:9b9028d3-2fc9-5e15-97b7-1c009b284007", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12 of @angular/bazel. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:a2f99edd-d5a8-5d8d-83fa-7cec8a5c38dc", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:93984d59-8054-5653-99e6-37af2b4bec7c", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:d159eba7-88db-5b7b-a049-b0f6a12a25e8", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:6798f363-93f9-5675-9145-a9c679d6ddbb", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:1477d9d8-403f-53f0-87ec-2052bc9127b8", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:1c6a18df-0c94-51cb-aa52-11701c6c1c09", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:2dd4d812-a24b-5777-a699-ef50d5ad487a", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:c1288d77-7d5f-5e74-a126-efcd10529fc2", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12 of @angular/bazel. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:34449214-954d-566b-8206-9cf2b59ee141", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12 of @angular/bazel. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:80751cc4-0884-5e23-ba39-32d15097dece", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }, { "bom-ref": "urn:uuid:dd345a93-fa28-56ec-96b9-a5b7781bd743", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/bazel@14.2.12" } ] }