{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:969692c2-0812-5c3a-a369-f4afbf99abbd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@14.2.12", "type": "library", "name": "@angular/benchpress", "version": "14.2.12", "purl": "pkg:npm/%40angular/benchpress@14.2.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:37b21fab-59ac-5d35-a7fd-491fdd8876d5", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:471befe9-8fb2-5065-b8cc-97d5257d408a", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:ba612c36-9c2e-5ba5-bafe-1815642ecc7d", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:c9c768b5-51cf-5d67-b86b-8124f2dc1b18", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:aaadf726-5d0e-5b0c-bbc7-0c33c3455628", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:1f65522a-ceeb-559a-b637-7dfa51ba561e", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:d5e179c7-c862-5237-ab67-36256d0107b2", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:ceb10c1d-0fbe-5057-808c-669034e56a7d", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12 of @angular/benchpress. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:0f6dc182-737f-5238-9b82-1dd7c55a8845", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:80094cb8-370f-5568-bb06-0cf5b4f3adb6", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:fa5c7393-74da-52df-885d-da29361bfce6", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:3eee1d8c-41a2-5be7-a223-f7ecd6307155", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:19f2c743-121f-58ec-a29d-6f016c23b191", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:455418a4-1e51-581b-974f-7c9de718f98d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:2bd09951-27b2-55d9-8bab-6f6cab5a749e", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:3a00098a-381b-51cf-aebb-2406f4573cc8", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12 of @angular/benchpress. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:b1adc356-e619-5135-855e-bff7fc97d82e", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12 of @angular/benchpress. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:e52c84f2-4360-5dac-b761-9f4e3f890da3", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }, { "bom-ref": "urn:uuid:0ff96f57-c30e-59b9-bb5a-582103d01882", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@14.2.12" } ] }