{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:95547f59-2960-57ea-ba75-16f78fbfc4fa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4", "type": "library", "name": "@angular/compiler", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:df535a25-ef72-5f81-9d7d-7d4ac022e313", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/compiler. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97685463-d2e1-5294-bbc7-e1020cb54ce7", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a27a929-4a46-5d05-a471-d28dccaf493d", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:639995ff-a397-5c5a-9770-509e0363841a", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d87a7616-405c-5ca9-abdb-80660d2ec96f", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe81d0f4-5249-5018-8fd2-dacaecad9855", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:769756be-1ba2-5c41-a8b2-33de7dab9298", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0c7e59c-c9a7-50cd-a5b1-ede99ec66c9d", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f45b17cb-8560-58a8-84c5-bf72331bf861", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e6e685f-ad26-5d1e-b894-5a5cffd0905a", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e657886c-4623-5bd4-af07-ad9477cf4cb4", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:796e5a2c-294c-5d3b-a0be-51aaa0487b9a", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3fd6197-fbac-56c3-b882-35100eadf6a3", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60b4da46-790a-523a-bc45-d0c4dadfe5db", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfa3b30a-285a-5139-8ef5-ccee5fecb2c7", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fa3414ce-ff0f-5d99-a267-02dd752befce", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler@19.2.21-tuxcare.4" } ] }