{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5493268-fa45-573e-b023-f56da5910318", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/core@17.1.0", "type": "library", "name": "@angular/core", "version": "17.1.0", "purl": "pkg:npm/%40angular/core@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e5b0466f-1e69-5dc0-8458-758b031ab94b", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:f3c591ba-1737-57c7-83c5-4519a3de1e60", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:6259ab9f-7073-5a5d-b666-398159c3bc8a", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:49f0b5dd-a629-5b77-9e48-68c653bb5713", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:8b58d61e-2935-57b7-843f-00d4eef4dd0b", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:b61c3fa9-81c4-5741-8dda-dab12aaeada9", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:bb5f0378-3aec-57bc-8afc-3fb08277e99b", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:c2ac7443-afdd-530d-81b8-4c4e9a64f763", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:66fb7201-2cc7-5d12-9015-698bf6784a9a", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:cfd926c4-3197-5543-81af-cee66e418e3e", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:809dccf2-7205-580d-9a7c-7447a0f629a8", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:74f89eec-a45e-5d53-ab5c-68f66555e528", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:d4c3d2c3-5444-5365-8fa9-ad0e7dce368a", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:643ac60a-90b2-5367-86c6-9a8735cc316f", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:dafd2278-d79e-52ac-83e1-1eeece0fb55a", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:49226dfe-deeb-5e15-8f62-a3ec854365dc", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:83f3d78c-5b0f-5825-bc79-3cc4f13e0551", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:9da33fa7-a92e-55fa-9d66-acd6afca45cf", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/core. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:5da689b5-8861-56fe-823d-4d7560482d21", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:d8bc3e32-1996-5d9b-95f5-1c728a338133", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }, { "bom-ref": "urn:uuid:b07e6197-503e-535e-a481-f294a71643df", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/core@17.1.0" } ] }