{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c425ea43-7a4e-5e6e-9c4b-47a529cfea20", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4", "type": "library", "name": "@angular/elements", "version": "8.0.3-tuxcare.4", "purl": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:41d2ca5c-8c61-506c-81fb-8aba7982d7f3", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2aa76e8-ee2c-5179-934a-6bbb8f98ceb0", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca9f8ddb-9393-5624-9447-4c0816d33bfb", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed97c39f-1732-5a00-b302-5b7a29589a0a", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f11d884-19e2-50cc-8515-acc55e3a9e0f", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1600cf78-7ed1-5658-9473-9f8e7ff3a524", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.4 of @angular/elements. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb7c8ea1-6246-5fa9-8379-58fa39d5984f", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a386f9e6-abc6-5c6e-acc4-661d2a34b940", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:590b4ef6-3d74-5178-a7db-cafd63d1215e", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25bc26d1-c51a-5c63-9b07-1777c7db5269", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.4 of @angular/elements. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:202f2546-4373-5cbb-b380-d3c00cba914c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2eefdbd6-e154-5c43-a7fb-510d23952fe1", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:997056bc-5e98-5b4d-aab0-a177373b4cbe", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:962c311d-3601-5de1-9fb3-7ba6d5cb9300", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff3e4dd3-e4b0-5481-8e66-240a2bfb84d2", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40545824-1982-5629-8f8a-ffbfe81cb167", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a338cb3-8458-5421-ab51-ccad85941175", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.4 of @angular/elements. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e2c26aa-b2fe-59c0-8f4d-ef1d7bcafce9", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71fb0e6c-19d2-5924-aec5-3787bd3f5567", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.4 of @angular/elements. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59c5d597-c5d0-5431-ba9f-43e3c2824da9", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f3fa220-d5bd-5c38-b08a-a4e28309ddb0", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.4 of @angular/elements." }, "affects": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/elements@8.0.3-tuxcare.4" } ] }