{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:79191786-c334-55da-b7cf-9ea26050e071", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2", "type": "library", "name": "@angular/elements", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a1db129-1d71-59e0-8a41-9ed8c5a5cad3", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/elements. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d6bedd2-7909-5760-a85d-dd985e0058e3", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83ea058a-416d-5231-83a1-7cd2326a4348", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13b669b6-b2e6-5149-ad65-37b09fc69320", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40ecb7ba-5034-5335-93b7-4cf6fd8efa48", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f8a5115-495f-5eaf-a2c8-6aabdf91bbe7", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e18de0ed-2f1c-5f72-af95-e2c5ce510b21", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c22392ea-21a5-5e3f-a636-deb1b54f4b4a", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7362232a-7c3f-5d85-a8cf-62f3d8881696", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c783289-2051-5da9-95f2-4193ea737de0", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6a34a3a-2cc3-533a-bf24-27159c8af0d8", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c31b883-981e-5e75-9d4c-d3b3cc26a39e", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f4a6b14-1791-5418-8dfb-c3b9bb7565b2", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72b3e63e-edd5-5973-9553-cdb73aac2c13", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:221ab3e3-5c19-5d18-a5a3-1c3a5bea3c3e", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d342468-bd29-5a0d-9c13-fab2ea05b866", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.2" } ] }