{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a5baa847-6776-514f-b07d-6a6c631c79d9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5", "type": "library", "name": "@angular/benchpress", "version": "15.2.10-tuxcare.5", "purl": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:87806e8f-2132-5eb5-af7f-1a9f172be129", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:de658abd-9a76-5c25-ad8e-67b889b22a07", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:86f2a23a-f927-5f04-9837-52435975d631", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4fdf0c01-6a32-5432-83b1-516482b02aab", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02066658-4753-5526-97d6-f8cc79e6bdf3", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb924f02-0899-5ab9-bf82-7bc31bf970eb", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fefb5be0-3602-5ec0-969a-eb2af9fef935", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4b98906-f3f4-5b4a-b527-571c55d27e96", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:976411ee-e6a0-55d6-8b86-2a10371991e9", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:116bf459-a89f-5746-81bc-e6adff471253", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:778ca5a6-e72e-529c-844f-2d942963e1d2", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:377ec99b-42b7-5eed-a1be-5102855ae4e0", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c3c7f28-fab3-5ebe-ba5f-2c3a0f5c40ce", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a7d93a2-f0bc-5784-8cc5-8f8afcd2b520", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5da64a53-fe0c-5769-ab2e-10feb1286f56", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0fe0d8f5-248f-5fbf-ad48-515c19a01615", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9be9968-b99f-532c-883c-73b1178d4086", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.2.10-tuxcare.5 of @angular/benchpress. not_affected \u2014 Angular 15.2.10 is not affected by CVE-2026-54265. This version uses a desugaring approach for two-way bindings that automatically applies sanitization through the standard property binding mechanism. The vulnerability specifically affects the TwoWayProperty operation kind in the template pipeline architecture, which was introduced in Angular 16+ and does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:402012c0-d53c-5d3d-b1d1-1710bbd77546", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.2.10-tuxcare.5 of @angular/benchpress. not_affected \u2014 Angular 15.2.10-tuxcare.10 does not contain the HttpTransferCache feature. The vulnerable component (transfer_cache.ts) does not exist in this version. HttpTransferCache was introduced in Angular 16.0.0, and this version predates that introduction." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b084dfdd-5def-5f92-8c09-40b30383b317", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:193acda2-3707-58a4-966b-031644489498", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.2.10-tuxcare.5 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@15.2.10-tuxcare.5" } ] }