{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3aa13157-7426-5b46-8f4a-d5b0779b5a51", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/bazel@17.1.0", "type": "library", "name": "@angular/bazel", "version": "17.1.0", "purl": "pkg:npm/%40angular/bazel@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:72429faa-cf6e-51bd-8ed3-06929caec391", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:8c2edb21-7084-5676-8355-5bbb55d920ad", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:a0d22d9d-645a-5220-8095-1ac212467621", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:97d14a7d-ab22-5e83-ac39-2700f723d672", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:db1944fa-46f1-5a84-82cb-e4fb2f8e07b9", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:5defcc47-f8fe-5dee-97af-2c8ceb0165c2", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:75fa848f-e0e8-5f46-99a2-4cb8800b7d81", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:9a3b9231-fcb7-5739-a28f-0ea1651d9ae4", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:8e1637b9-d7a2-54d1-a474-389c53b87d8f", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:d3dc3b12-bcf1-5edd-a0db-6817b0d5cae8", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:28ee89a8-1b23-5fe8-8c7a-378f23935fe4", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:f8708cd7-68c4-5f1f-b346-4444977bafc7", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:87ff8cce-1721-54f0-a8b2-08cfe1961bc8", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:a1fbeb5d-1e77-5e4a-8d03-e1384d75c815", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:78383217-b9a8-51a5-b764-689b33eb432a", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:f1e0d368-43cc-51e6-8a7a-1332ec250c3d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:716491fb-2d86-5039-898f-2ac6e646895b", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:5796e8d7-f333-5ac4-be03-6d3f781b421e", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/bazel. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:7873a565-e7d7-5706-ad42-130f6d126df9", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:9fe268b8-78a2-581c-86d3-dec59e5c24b5", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }, { "bom-ref": "urn:uuid:3a00b5ba-9a7f-5244-bbb1-3cfd5a12e11f", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/bazel@17.1.0" } ] }