{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:e7d48c29-2aa9-5797-9e9e-48819005e55d",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4",
      "type": "library",
      "name": "@angular/elements",
      "version": "19.2.21-tuxcare.4",
      "purl": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:d421a12d-576e-5ff1-953b-1c631191d31c",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/elements. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0086b875-fae3-5336-bc52-b54ae0ee3f02",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:451d93bc-1f83-5a85-9277-319fa033c29b",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86320cf3-35ad-5ade-bff2-ea6b73d5772a",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b300cdcb-b44c-5c0d-a103-c01727bf6a93",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:da2e8e24-543a-5ace-8b32-527d029373d0",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9b35f1b9-8769-514f-87bc-7568339d9d98",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4346d2dd-2acc-50d7-8a01-49cd7ad7ef3f",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b319a16-0f6a-5e96-a3a5-794adcf5d76d",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0ba581a-7498-5730-bffb-e61f6c73482d",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ea38c25e-34a8-5d31-a899-721a3908ba96",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8206ae1-0cb7-5bf1-bdbd-ac7e101d900a",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fe680c59-ced6-5777-a29d-5c721b6bae90",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8a8c780-a042-5082-9499-8304c6672ac0",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:597f5388-805c-5c03-8163-970dd07af558",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e423e40-3ef3-57d9-82f7-0d271e6c5819",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/elements."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/elements@19.2.21-tuxcare.4"
    }
  ]
}