{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f43c6ea9-322c-53cf-a244-5a49c73b984f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1", "type": "library", "name": "@angular/core", "version": "17.1.0-tuxcare.1", "purl": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2d7d5e79-cecd-5321-9735-08fa1f32f0ba", "id": "CVE-2017-16009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-16009 is fixed in version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ea8c40b-aeb6-5d6b-8d5a-d7f15fcca4a5", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7921dfe-63da-5103-aca4-72bbe965c7ba", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58df1f05-06c0-56ef-b638-bd976fe8a9a7", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c6bab92-4215-5864-8580-2a61ee408422", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e56c0f3-d88f-56d3-864b-477bc63c5a27", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67aaa819-d1dc-5308-84c3-576d287464b2", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f2824f3-34f5-529e-9bfb-b3c96eb42f7a", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d95cfdf7-c345-52dc-97a0-e186c8d8490f", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a754a64-6d07-5a8a-861c-cb1914fb43fc", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ae7f02-c95f-5049-a98b-4d3d83e9d0e7", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:919bdb60-1169-532f-a309-7cf1ac94a16c", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8ec2617-1331-5847-884e-9c484c2b3899", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4660c3ac-2c50-5cd3-8559-79c8d063f688", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2bc6eb6-ca42-5261-b0c9-47583dfeaadb", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:360ece90-77bd-5384-b570-a7d7e7ce1592", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbc9d5ab-2a53-5582-9be9-528e86f52767", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f52468c-0a7f-5123-b1ae-3c0847366ac4", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d2a3e87-cb4a-5fe3-9f12-1de0210bb0de", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:029e6025-fb7b-5231-ae5c-9dc197a51c4e", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0-tuxcare.1 of @angular/core. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ed3f88f-a415-5899-b41b-3cd5f47c60c6", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6f4bfb5-15ed-53bc-9cbd-1e6e10d15d0d", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:286cfb61-311d-519a-9e3b-dda08bd8730c", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0-tuxcare.1 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/core@17.1.0-tuxcare.1" } ] }