{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b763ed5c-4fbe-564b-aa28-6d918afa33df", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8", "type": "library", "name": "@angular/benchpress", "version": "9.1.13-tuxcare.8", "purl": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5b47457a-3411-5683-9a64-60ae3f27898a", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ccff9339-627f-5648-b38a-1a9871d34481", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f81ca30d-0556-5c3e-b089-2b6e040d94f1", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f57e0c45-9f58-5a46-a46c-123b8a9e3cad", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3ce388c0-58e7-560a-8af3-5706c9ca3dad", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1797fb1d-7361-5a6f-9016-7558774de2ae", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:285b950d-ffc6-56ba-93b4-dd86ea994a9a", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d6e8078d-d4de-529a-acdd-a25e02c57a6b", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:21ae26a2-8cd6-56cd-b5af-0508ecb3950b", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e09a21c2-da6d-5e59-9b49-c86e3971028d", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.8 of @angular/benchpress. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:da02ea7c-d746-5b2a-ad79-75df4d43aa38", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:314fe84f-25b5-5353-91fd-9adf78c9740a", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5ae6f58b-648c-59fe-8507-513b2fdfcc2c", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:94b400b6-495f-54a1-a461-3b8a44103ca3", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d1831677-7dea-50f1-9cc5-395302df7807", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dfe33b49-1683-545d-9067-f0e0738efd9d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8934e77c-8d5e-52a4-80de-dd0f08cb52d9", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.8 of @angular/benchpress. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0ba9017a-efee-51c9-8dd3-900f6eb5c246", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.8 of @angular/benchpress. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:965cfa2a-f1cf-5916-b042-27c665a0e7ab", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.8 of @angular/benchpress. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:cea60e2f-b2f8-537b-ac54-30aaa0952a3e", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ccfc9b10-5174-5f1d-99cc-d1bedcd25486", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.8 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@9.1.13-tuxcare.8" } ] }