{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e8ba8312-4fc7-535d-95d7-f528fd6a3dd0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1", "type": "library", "name": "@angular/elements", "version": "15.0.3-tuxcare.1", "purl": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3076228f-95aa-581f-ab15-7a4b4903f216", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02447aa0-c6bc-5a5e-8b2a-4c70b7e8d5c3", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04dc783a-f492-52a9-a01c-69d49567b5dc", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe1d8c64-eed3-54b7-b3bb-f009603c1ea5", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fcd9dc3-639c-5c1e-b788-a9e4d7a5a453", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f3d01cd-4d55-5fd5-a462-4d1976793105", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:929eb7ed-2e45-59cc-b2f6-19d71541b357", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b75e8f2-794a-5088-9718-05742416c51d", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a05a6531-f503-5e2f-9d6e-4e048eb98ec5", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 15.0.3-tuxcare.1 of @angular/elements. not_affected \u2014 Angular 15.0.3-tuxcare.1 is NOT affected by CVE-2026-50170. The HTTP TransferCache feature that is vulnerable in later Angular versions (v16+) does not exist in this version. The vulnerable code (transfer_cache.ts, hasAuthHeaders(), shouldCacheRequest(), withHttpTransferCache, provideClientHydration) is absent from Angular 15.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3656239e-f845-51b5-9fc2-f4e2ea34d000", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:836adf13-06dc-5497-bbe9-c66cf31edfcb", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e56b537d-097b-5d6b-84bc-8d409a67bbd4", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02281405-8bf4-5b5b-a426-321fdf88c3be", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4f64894-28fd-527a-a991-b900a595bc7d", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5d7e98c-3bef-581d-89df-f778be9a8084", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56a761eb-7a60-570f-ad57-60d21d009fe9", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e893a36-0a72-55c1-b3b4-8d16dd63bf80", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.0.3-tuxcare.1 of @angular/elements. not_affected \u2014 Angular 15.0.3 is NOT AFFECTED by CVE-2026-54265. This version uses a different compiler architecture where two-way bindings desugar through the same code path as one-way bindings, both receiving identical security context resolution and sanitizer assignment. The vulnerable code (Ivy template pipeline with separate TwoWayProperty operation type) does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0629e15-b43b-572b-b173-0df83477e907", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.0.3-tuxcare.1 of @angular/elements. not_affected \u2014 Angular v15.0.3-tuxcare.1 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache keys does not exist in this version. This feature was introduced in Angular v16+. The target has no code path from HTTP request handling to the vulnerability's cache poisoning goal." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:187591bb-833e-5426-97cc-c269f9bec7d4", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9db304f-4e59-565d-928c-300024963d29", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.0.3-tuxcare.1 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/elements@15.0.3-tuxcare.1" } ] }