{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cda2989f-6808-5979-bc3e-f98ef78b9219", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2", "type": "library", "name": "@angular/common", "version": "8.0.3-tuxcare.2", "purl": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:69074585-de14-5c7d-a1bf-e1eb2668a01b", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cfa1628-ca18-5f57-8b17-860b7fb0353e", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eff93730-524b-5af2-a0f8-1f97d363e930", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e142f26c-f883-5e16-8bbb-748d30f38792", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4650217d-7143-569b-bb4e-cc8227706077", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24aa1656-75ac-5b0e-a17d-604ac76fca19", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.2 of @angular/common. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:091c2b89-8304-5a5d-bc32-57e5ca22385e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab58e7c6-b4ff-5b8b-bbf7-fc94783fd13c", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15ea6913-1ab4-5eb2-b668-042a853fce5c", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a71f8a98-3a66-596d-a3ab-6a96ed193b9a", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.2 of @angular/common. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:895755f1-9d13-5e75-8b7e-56baa511f508", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20141d12-e4c4-55cc-b657-f199cecf4617", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee6c58d6-1726-5355-8611-32f84a8bc950", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3488f1ad-2775-50ed-9275-cd0f936cd1b6", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:503cd4ec-7496-5119-9556-c8ad7aaa881c", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a188178-bb1c-5684-bd8d-878df9186083", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a01e62d1-f14c-5207-9e27-9c09763d505a", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.2 of @angular/common. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3efce838-2db8-5f03-96ca-44d4d1939ba4", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96f6ca9f-f823-587f-89ea-0450c6fecf23", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.2 of @angular/common. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21b491f9-7ced-57b0-8590-a2a673c6e1e8", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24900e78-a4de-57cf-9985-03735e0e7939", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.2 of @angular/common." }, "affects": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/common@8.0.3-tuxcare.2" } ] }