{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eb8c437f-44c8-5067-8e6e-ab03fad87dcf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/common@17.1.0", "type": "library", "name": "@angular/common", "version": "17.1.0", "purl": "pkg:npm/%40angular/common@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:549ec0b6-2fa9-5e1d-9d77-511543505ecc", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:f087b266-d658-561c-a42b-3a6e2dfec1f8", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:03a78820-c1a6-58a7-9f5b-3c214bf7dc89", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:543e0cc0-68fc-56b8-8236-2e6459c3993e", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:bd44dce8-aeba-550b-b89f-7f04e3ad1dfe", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:cd8c9d8e-9eba-59ac-a07c-187fc50de5a9", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:e2856c53-b98e-5b16-87c3-22443f465de2", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:c300ab76-7f98-5c49-8350-ff50066d64ac", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:5b35ec67-089d-5fae-8f26-08b044b27d35", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:bafde8cc-dc15-55d6-856d-2a55a3e40302", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:c42647b4-41fc-557b-b3e6-ade47dc41b6c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:de404737-185d-525c-ae15-b99a38b15b44", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:c8404b5b-a972-5be9-9071-770b6a1e0f0f", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:63511c13-5392-5916-be1f-fab85cab22ee", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:f53ff9d7-7095-5392-a104-017322b410a7", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:e76daf3b-aa44-5ce5-a8c6-d9696b0bbf23", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:2a817cd0-b275-5239-883e-80eaa1803fd6", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:fca6455a-d585-50de-8fbb-774aa795aad2", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/common. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:3b260de9-584d-51af-90bb-49218f1a070a", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:3a546d60-cb25-5036-ad2d-d56aefc11846", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }, { "bom-ref": "urn:uuid:6117ba3a-b0a3-59de-ad30-fa714d8f89da", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/common@17.1.0" } ] }