{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:89e07434-3c39-5fa5-a294-834b93782308", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1", "type": "library", "name": "@angular/benchpress", "version": "15.2.1-tuxcare.1", "purl": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dae0922a-6dca-544f-93f5-a59af4b28226", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d215fd6f-0c06-583f-9bda-db67dced282e", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53873eef-2429-5a64-ab08-fffc7ff123fd", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edc554f0-9615-5cbb-85de-b0d1734788b9", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b0c2f35-7f37-5a7e-b9a1-18ce60451d45", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 15.2.1-tuxcare.1 of @angular/benchpress. not_affected \u2014 The target Angular version 15.2.1 uses Node.js url.parse() API which does not exhibit the protocol-relative URL hostname override vulnerability. The vulnerable behavior was introduced in Angular 17+ when the code was refactored to use WHATWG new URL() API. Version 15.2.1 is not affected by CVE-2026-41423." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f75f15f4-30a7-5b7d-9856-58fc540a3ca1", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25bccbfb-0aed-539f-aa07-feec47aec755", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5254ab5c-cfa8-5893-890b-dadb112e715f", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba9325bb-c1bd-5913-ad2f-6a0f15e95070", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 15.2.1-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 15.2.1 is not affected by CVE-2026-50170. The HTTP transfer cache feature that contains the vulnerability was introduced in Angular v16+ and does not exist in version 15.2.1. The target repository lacks the entire affected component (packages/common/http/src/transfer_cache.ts) and all related transfer cache functionality." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0cb8d9c-79e9-5dd7-9203-499d1e3e7099", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aff32648-9ca2-51d5-b06f-75be176e8c38", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ccea4428-5d3c-52bf-82d6-c81ee82ec53f", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f09664b5-0cf7-5d06-a69d-ca60fc1dbd68", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:101cb98e-186c-5b81-ad47-d9744722f883", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbe6f2cd-2542-5dd6-83db-b50164e6efa4", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c339e272-c5d3-55da-b329-6d77c7c5970d", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18c2023a-b065-5eea-8908-97ccdace5b1c", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.2.1-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 15.2.1-tuxcare.1 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists only in Angular 16+ where the template pipeline architecture introduced a TwoWayProperty operation kind that was missing from the sanitizer resolution switch. Angular 15.2.1 uses the pre-pipeline Ivy compiler where two-way bindings desugar through the same parsePropertyBinding() as one-way bindings, inheriting ..." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:216cd039-e461-5e6c-a83d-cd8fe7911ab8", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.2.1-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 15.2.1 does not contain the HttpTransferCache feature, which was introduced in Angular 16.0.0. The vulnerable code path involving hash-based HTTP request caching does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52b4c2c6-5828-5ae4-a67f-dab04895b77d", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f302ac9f-261c-54a4-a8d2-e5f773bbff8a", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.2.1-tuxcare.1 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.1-tuxcare.1" } ] }