{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de5896ea-cae4-5344-95eb-d6e66e516454", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4", "type": "library", "name": "@angular/bazel", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3564ea6c-9980-5c56-aa91-6ea3dd391b32", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/bazel. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78bf78a5-d5db-5d23-bd80-2f499148c235", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5eb3578d-4664-55aa-9dc9-78c85647b292", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7682378-3c31-534b-8c34-0eeba24439bb", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9fbd9778-8a3b-508d-8117-17dd793e32cb", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1833e6a0-90fc-5df7-8de5-5f5a403bb0e4", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:606b79b7-15a4-50b8-86d3-9183e7fe72c8", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7639aaeb-a7d3-5d67-9711-cae7d422eb3a", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5241c475-d8c8-566a-a8fd-11c8bdd5ccd8", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3dcbfe2-03a2-58a3-9266-ca29aeb921ba", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d9b4a03-00e3-5a93-8c2f-99d574d90b83", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ecc51c6-c3b2-5b05-87d1-93794c7d117b", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:876743bc-cacd-51f7-a800-ea509e9a77f3", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88cfa199-7e4c-5bb2-853f-0bc63388b1b4", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c136df4-9747-52aa-8b92-cb417540078c", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91096460-728a-5be0-9fc6-2ebc05be1c17", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/bazel." }, "affects": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/bazel@19.2.21-tuxcare.4" } ] }