{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:97a2f72e-cde7-51ef-9ea1-c9e70802b61d",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1",
      "type": "library",
      "name": "@angular/compiler",
      "version": "15.0.3-tuxcare.1",
      "purl": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:ba5f5335-7b05-525a-9dd9-77f31d0179e6",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b845023a-3be7-53a4-b8f3-89872a2a74c8",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66412 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:de0f545e-f6d3-5e5c-83ef-3b2f57533c1b",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22610 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:29352794-4840-5fd2-a23c-6b0e363f320b",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:417409b9-e82f-50d6-ac60-4a2980955d3d",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41423 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3e7c94cf-66d0-59ae-ad57-d3b697ce34fe",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:71b0c226-68dd-5cca-84f9-37f5f74b1bd3",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f7e78a2d-1aa0-504e-9748-d8ad94f4e689",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f541300a-0bd8-512b-bed0-4365ed39ce1d",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 15.0.3-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular 15.0.3-tuxcare.1 is NOT affected by CVE-2026-50170. The HTTP TransferCache feature that is vulnerable in later Angular versions (v16+) does not exist in this version. The vulnerable code (transfer_cache.ts, hasAuthHeaders(), shouldCacheRequest(), withHttpTransferCache, provideClientHydration) is absent from Angular 15.0.3."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9ac1f8b7-f6ee-5f24-bca6-68336df2265b",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0bfb7f6c-671e-58ff-92b4-2232b5ef5380",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1a62dd37-593e-51b7-bde0-e583ad7eb39b",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1442472b-8fe6-54e6-acbb-6e429061e726",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:548fad8e-acd3-528f-957f-1508914c09dc",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:400740e6-aede-568e-9862-ab30f135e05b",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2a68d7e3-4a82-57b5-ab7e-6064987dc6ca",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54264 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:02ec926d-0897-561f-bcca-c86b90bca1a0",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 15.0.3-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular 15.0.3 is NOT AFFECTED by CVE-2026-54265. This version uses a different compiler architecture where two-way bindings desugar through the same code path as one-way bindings, both receiving identical security context resolution and sanitizer assignment. The vulnerable code (Ivy template pipeline with separate TwoWayProperty operation type) does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0ecbecf-009e-5856-9489-48103e1e85c5",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 15.0.3-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular v15.0.3-tuxcare.1 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache keys does not exist in this version. This feature was introduced in Angular v16+. The target has no code path from HTTP request handling to the vulnerability's cache poisoning goal."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:77ea578f-0750-5ef2-9942-55c7478b9a0a",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa739484-99ad-5ff3-91e8-953f6575bf78",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 15.0.3-tuxcare.1 of @angular/compiler."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/compiler@15.0.3-tuxcare.1"
    }
  ]
}