{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b7d50841-3683-50f5-a20a-b7277380f3f9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1", "type": "library", "name": "@angular/benchpress", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:916cdb09-4a80-5a22-a228-b4d3acf9033c", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3a2fe95-c0c2-5794-8540-fb593386d9ab", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e01179f5-24cf-586f-abaa-267d2240154a", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af60ce82-f136-5833-a0c4-34cc2e620655", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0971c5d4-67a0-5662-80f9-080ea2a6e214", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eeab822e-0d57-5f03-b519-96e27773fa40", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9323670e-2f8a-58c6-8bb7-ebc34bb04ac8", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34791f1f-ceb4-581e-a3ad-1ddd85679913", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9982e699-f550-5160-8ed0-f0899ba88758", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fbe5cad-d8b0-565e-8cab-debc1cc3fe0a", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3208406c-2380-571c-bff3-b9a694eb9b1d", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f222e759-0710-5f40-b26a-9cbcd238ecf5", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23714e2d-8435-591b-a65c-6be0d0d6768f", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8496ef0f-6eab-5654-938e-4f23e8129f9b", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aa60a2d-0fb1-5cdf-8703-925a5814d1dc", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d28f0d5a-1f92-506d-ae32-b08b4215a004", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:648b4f47-a48e-5923-aa60-477032a1d19f", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6144fd7d-52c7-594f-866a-6534c23e1645", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b73fbc65-6a10-5657-b99a-17d841535cd7", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c17e3692-ee49-5f11-9ea2-591302718d5e", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12-tuxcare.1" } ] }