{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef79bf9c-9cab-554f-9c2f-fff1818452bc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler@11.2.11", "type": "library", "name": "@angular/compiler", "version": "11.2.11", "purl": "pkg:npm/%40angular/compiler@11.2.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4ab1a589-06c5-5b0b-b03d-89869e600ad5", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:ce04a39e-ee17-54a7-b373-7422a2b5e81e", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:488e0afa-3954-5177-9a72-718290d50ed0", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:668bfeb3-6d25-5ddc-97e6-b7084b3e6466", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:fb1f075d-3268-575e-b549-0a1deb1b480c", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:dd6f1599-fefd-5a2c-8091-206a219b198a", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:b0f1c613-072b-5242-b5c7-d472f748950d", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.11 of @angular/compiler. not_affected \u2014 Angular v11.2.11 is NOT AFFECTED by CVE-2026-50170. The vulnerability affects the HTTP transfer cache feature introduced in Angular v16+, which automatically caches HTTP responses during SSR and replays them during client hydration. This feature does not exist in v11.2.11. The target lacks the entire transfer_cache.ts module, withHttpTransferCache API, transferCacheInterceptorFn, and client hyd..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:70ebd10d-5fed-5567-b92e-6ff8289fd021", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:af3ebad8-d3d1-537b-842f-59a001ee91c1", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:47ca50b3-9f80-5be4-ae58-96531847c484", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:ccd66ff6-de9f-5547-814d-b5e1dfd0a1ea", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:0e3dc107-6395-584a-84f1-8c3d637bd218", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:6436da81-2ee9-5554-bde2-9ddf31221f26", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:e413e974-30ab-5295-ab3a-1d1716593313", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.11 of @angular/compiler. not_affected \u2014 Angular 11.2.11-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The service worker in this version does not forward request headers during asset reconstruction, eliminating the cross-origin credential leak vulnerability. The vulnerable method `newRequestWithMetadata` that copies headers from the original request does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:33393b28-1713-5c01-8f5d-82e47982d6ae", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.11 of @angular/compiler. not_affected \u2014 Angular 11.2.11 is not affected by CVE-2026-54265. The vulnerability targets the new Ivy compiler's TwoWayProperty operation in the template compilation pipeline, which does not exist in Angular 11.2.11. In this version, two-way bindings desugar through the same sanitization-aware parsePropertyBinding code path as one-way bindings, ensuring security-sensitive properties are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:9176dacc-f54e-5e48-b5fb-2f3b71c75856", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.11 of @angular/compiler. not_affected \u2014 Angular version 11.2.11 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache key generation does not exist in this version. This feature was introduced in Angular v16, and version 11.2.11 predates it entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:554c32f7-79be-59a5-a8b2-acac8bd6a53d", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }, { "bom-ref": "urn:uuid:5327e505-47a2-58c1-81c6-f4d7b0d8983e", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 11.2.11 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler@11.2.11" } ] }