{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:7a0828fb-ba8a-5fab-b03b-e2789b7b85ae",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1",
      "type": "library",
      "name": "@angular/benchpress",
      "version": "9.1.13-tuxcare.1",
      "purl": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b0dfa50f-d9ab-5d7f-8c85-420dca32737e",
      "id": "CVE-2021-4231",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-4231 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e480b65-041d-580d-b530-accc9ef0e0eb",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:690fa530-da4d-505b-ae97-4449614a82c4",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66412 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:62021a67-3d58-512a-8b44-7e7fde9453c0",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22610 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dd037954-3e6f-5175-9d02-85b29f2deb1e",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:208fc006-84d1-51c7-b355-1ae3dd5ac874",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e915374a-cdb6-54b6-9a05-b8af5a63e152",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8940d18d-21ac-518d-b51d-29f60311ccc3",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:da63f968-9f19-50ea-a22d-5c0e46388f5c",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bb4f838a-d8b6-540c-bce2-690e016f4026",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6272ca3f-a954-58ef-844b-2af5cafc94c2",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d5f60a91-6fe5-5771-ac95-8a78f8dd17bd",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0a24f0d2-19fa-5dc6-86dc-58b0070cc6a1",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c240c2c5-0b35-54f9-a01f-3d74648f5d26",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4d92fadd-d8d7-5dc6-9ecf-2a1cdfd3baf2",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a7365eb6-0e01-53f5-82f7-af3c02c0c488",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa7d75ef-d932-501c-b2f2-51235c45cdc1",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:56ce06d9-f1dd-5431-a26c-5bd7f0799428",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0f323e79-b9eb-5edd-b66e-f81ae2eb4a22",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.1 of @angular/benchpress. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:305dc92d-36ed-5e8e-86bd-aa30e99cbe34",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e854bb7c-dce2-51c9-9fe1-99ff03351eda",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.1 of @angular/benchpress."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.1"
    }
  ]
}