{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1f96c872-bab2-5232-ae7d-bad9596d375d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler@17.1.0", "type": "library", "name": "@angular/compiler", "version": "17.1.0", "purl": "pkg:npm/%40angular/compiler@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1599b876-e34b-5131-8474-693b318acbec", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:34ee250c-0749-5cdc-a006-41d44ff482ed", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:265771c1-568a-52dc-a08b-d955ebc3c097", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:37d5f36f-f59c-504c-bc59-ff5628bd7cf3", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:412df715-a45d-549a-833a-e609f373e227", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:23bc21ac-e1a8-53fd-9f88-8bd3c1afe0bc", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:6ea3854e-eac5-52b4-a7b8-2d4d7a5ccff8", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:ca9c4f9b-c77b-5a9b-9eb8-3198c3416a8c", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:432c13c7-c9af-5180-b26d-f3ac508260d9", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:5aeb02be-5879-5f97-a721-f5f1f83fab04", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:92028701-b7a9-5d82-8575-37f2b1844b19", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:524edc79-091c-59db-9ec4-5b6e04136d8e", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:76bc31c9-6829-50d7-b6da-b342108dfe0b", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:f5344e2c-f195-54d9-b48a-c9d692a33cf8", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:e46d4160-c426-54fb-ab2e-498fb2acf6c3", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:eeeb6f96-83f6-570a-ba16-7e2acc4d15a5", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:646a308f-1422-5a45-9822-b1e5343c144c", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:8afb0594-de6d-59b8-8703-dadd387a4064", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/compiler. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:80af49ed-c646-5060-b849-2884cce8d33b", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:66dfff95-9dbd-5d40-a4cb-7e18ffb5f758", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }, { "bom-ref": "urn:uuid:2abdf925-d043-5140-a91d-6cf8f2ba931e", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler@17.1.0" } ] }