{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3d3bd907-1fc7-55c0-b24e-49c56b78b776", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1", "type": "library", "name": "@angular/compiler", "version": "8.0.0-tuxcare.1", "purl": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10533542-c36d-58ff-be0a-46a12e483958", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d59ca582-d476-534f-8c3e-5803a5bf577a", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1944ec47-9945-534f-aaa3-b3e306c66184", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4921edeb-d632-5b8d-8fcf-6907815f31e5", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abd1e2dc-4d39-538a-9464-155dada5decb", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7a20e6e-4dbe-5b00-9e75-b86375c9cc0f", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.0-tuxcare.1 of @angular/compiler. not_affected \u2014 The target Angular 8.0.0 is not affected by CVE-2026-41423. The vulnerability exists only in newer Angular versions (17+) that use the WHATWG URL API. The target uses Node.js url.parse() which does not interpret protocol-relative URLs (//evil.com) as hostname overrides when used without a base URL parameter." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70fabd2d-a13f-5097-81a2-83b794366b1a", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d23e537d-2048-50ee-862d-359c2c282f9b", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05f0818c-c8ec-59cc-abed-1a0b11d483c0", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b42e7b3f-ad62-53d9-9e6c-41cd75c22295", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.0-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular v8.0.0 is not affected by CVE-2026-50170. The vulnerability requires the HTTP TransferCache feature (automatic caching of HTTP responses during SSR with client hydration), which was introduced in Angular v16+. Version 8.0.0 lacks the vulnerable code path entirely: no transfer_cache.ts, no transferCacheInterceptorFn, no shouldCacheRequest() function, and no automatic HTTP response cachin..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6ba540c-7bd1-5788-8ad9-6d80de7f8e37", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0cf1d59-cb0d-58c7-87fc-cc56766d042e", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dc1da5c-73b5-5398-b3b4-fd1a42bbbc9f", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:125f37f0-55d6-56bc-a9bf-f463e099e04a", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd8f9da6-3a40-5990-914f-d7fd7679de10", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9623b233-32ae-5561-a6e4-bc2de07f7acb", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44b328d3-0d3e-5cc9-aa85-1109169cccee", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.0-tuxcare.1 of @angular/compiler. not_affected \u2014 Target version 8.0.0-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The Service Worker implementation strips ALL request headers (including Authorization, Proxy-Authorization, and Cookie) when reconstructing network requests for asset fetches. This architectural design prevents sensitive headers from being forwarded to any destination, including cross-origin redirect targets." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03d501f3-9e96-5fd5-9fc2-9ca5c8857282", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 8.0.0-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular 8.0.0-tuxcare.2 is NOT affected by CVE-2026-54265. This vulnerability is specific to the Ivy template compiler pipeline introduced in Angular 9+. Angular 8.0.0 uses View Engine, which desugars two-way bindings through the same parsePropertyBinding() code path as one-way bindings, inherently applying schema-derived sanitization. The vulnerable TwoWayProperty operation and resolve_sanitiz..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0603d9b2-db98-5007-8402-d5a8157b9e9a", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.0-tuxcare.1 of @angular/compiler. not_affected \u2014 Angular 8.0.0 does not contain the vulnerable HttpTransferCache feature. The CVE-2026-54266 vulnerability affects HttpTransferCache, which was introduced in Angular 9+. While this version has the underlying TransferState mechanism, it lacks the automatic HTTP request caching feature with the vulnerable DJB2 hash-based cache key generation." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9661f83b-971e-5b2d-93b9-0d2785b5bbef", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88eac8d8-9d79-5270-be7e-5e678bc4e91c", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.0-tuxcare.1 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler@8.0.0-tuxcare.1" } ] }