{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a22b502-25f9-5503-8170-e2aa3e1b59fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8", "type": "library", "name": "@angular/compiler-cli", "version": "9.1.13-tuxcare.8", "purl": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7a78653d-d391-53d3-bd32-33cd939b9a14", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7c362ed9-046a-5fe8-9a66-70a7e30a0619", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8781d7b9-7d29-548f-be6d-1a856e165813", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c18a36d5-1a1e-5dff-8d5f-8c359795afab", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:4df47fac-db43-5686-96db-6d8fa55411ad", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:643462ac-39e2-55d4-ad30-7b5d64d7c292", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e939a66e-b4ed-5fc7-926b-44b8a97da648", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a92418bc-3565-5220-8605-159ace5632a5", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:924f8cde-a993-5898-aee1-657e4dd5c2bc", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dcdce4db-7567-542d-9827-4f06274de29c", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.8 of @angular/compiler-cli. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6c7677b4-f48d-5215-83f9-7bc4f3ad3d9f", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:20bd9e40-590e-574f-beef-43789af22de1", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6bdf25df-2c8b-5f49-b230-f32615287ced", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c59b2069-aee4-5735-97c9-48afae029538", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2ed89e5d-f4ed-5c89-89fb-debca1954090", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:6e8747ba-2175-563d-85d4-27afe40d2f61", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:cd555d2c-09a0-5af6-994c-37bb0d4659c7", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.8 of @angular/compiler-cli. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:67289520-6180-52c4-bc38-a78b6076f478", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.8 of @angular/compiler-cli. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0ae574a6-da5e-5599-8214-41cf8547da43", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.8 of @angular/compiler-cli. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c16c788a-560c-52e6-8fa3-63f9fb5c012f", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:db6cb291-b3aa-5d8d-a468-cf1eaa770fa8", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.8 of @angular/compiler-cli." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler-cli@9.1.13-tuxcare.8" } ] }