{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cd97d063-c1c3-586c-bdfc-4f12d9ece680", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2", "type": "library", "name": "@angular/core", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:86cfdbc7-09d0-5572-8284-0cb606c85082", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/core. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f5af859-0256-5fd4-bf7a-efd04a8f689f", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:925fc878-fcf7-50cb-a238-b39185bac926", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb0c88e0-8582-5ff1-b959-8051e97008d0", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f9b2be7-35ce-5d94-9e5e-7e2e9f05b86b", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f847ef-8669-541c-8bd7-7bebc8ae8dba", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49034143-55e1-530d-bb68-d581d495c097", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:313c9608-9a04-5a24-b886-637a66e0cfec", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a99f71db-395e-5c12-95dc-500672f26bff", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3844d9a-0ad2-573d-9607-0c60ad04d207", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cae94de-7cfb-5b65-a6fd-a419c20977ea", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dc72870-7647-5a54-ad89-504cb0ba7a76", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59842eff-5830-56da-8500-879af46bead7", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18d777ca-fd26-5c04-9149-2a48d23d40a6", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8795150c-fe7a-598a-8509-ce48b6e9d1b2", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:806beacc-6853-50a6-981a-d81f55924cb4", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/core." }, "affects": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/core@19.2.21-tuxcare.2" } ] }