{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ff1e8d19-f353-58ca-ad7c-4b943b28f8c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8", "type": "library", "name": "@angular/compiler", "version": "9.1.13-tuxcare.8", "purl": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0368cd30-24f1-5854-8dbf-a4187d8a052f", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2cb4f6a2-7b46-56e2-976e-1ffd6abb73f7", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e081cc2b-3ad3-516d-abdb-5f28e667c112", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:990fc591-1b61-5709-9c0d-0be952930e5e", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8c7170cd-39db-5f79-b07e-90ec72036f81", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3908787d-0f80-5f0f-885b-bd8f0dc55254", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8647bb7f-953f-5e0e-8905-7e312943c9bd", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:75df191f-2b60-5054-8715-fc047e21ba6a", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:32c06c47-059a-5bb3-8454-8e5c99a0bbd1", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:35b15ed9-0f3e-5a21-a80c-254e439ba9e9", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.8 of @angular/compiler. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fe30e19d-c6d7-599b-b6e5-ca96d9ea75ac", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9e382402-de87-576e-ac0b-118a81df3973", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e6e232b6-f91c-5a03-97db-83ffd2c5564b", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7d1a3938-b66f-5cbe-8a4a-ad343c518fc6", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:836e7268-bdbd-5650-9198-a09a63b40e4d", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5fa3807e-dbf6-5a02-a0c0-6f44dc51b92d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8ce54d72-2020-52b9-bbb5-1eed46c8746b", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.8 of @angular/compiler. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:bf200ede-1dec-5107-9ed3-3a18f4fb8acc", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.8 of @angular/compiler. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a60dfb41-bf21-5975-897b-3f8fa5670dc6", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.8 of @angular/compiler. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d35ce684-ef46-56a5-b064-24123c55c4e1", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:25f04542-5a81-5a45-9f96-fb20ba908ad7", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.8 of @angular/compiler." }, "affects": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/compiler@9.1.13-tuxcare.8" } ] }