{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:62bb0ef0-9d5d-5af4-82c2-f2ea24126de0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/forms@17.1.0", "type": "library", "name": "@angular/forms", "version": "17.1.0", "purl": "pkg:npm/%40angular/forms@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:992bf319-6900-515b-adb4-9d1950928795", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:469b6bcd-5158-596d-aa99-f800302a49ee", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:4b268363-5fdc-5dde-bb1f-af4caf849fbc", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:1cd187cc-5c0e-559e-9ed7-d4236c86e2c6", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:174c61da-b39d-5d92-a41c-2271e3d5c2fc", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:f3db87cb-b3be-5be4-b077-4419dee20ca7", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:4c98f8d4-a42d-5b7c-9641-fb5fa44ecb28", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:13123460-fb29-5551-98c2-75ff46d7caa4", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:37eea260-b799-5182-9aa0-665f5034e836", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:7e0dfe85-83f1-5271-a332-02e144375a10", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:b4bffe1c-55ea-50d2-bdb8-4d1adf61392c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:b1f08cf8-07f3-5d72-81d0-e79641d146e0", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:637e0254-5f40-547f-a520-a5317fed3609", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:f80aa977-f0d7-53f5-a8e6-079df3813cb5", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:67d81761-8716-5d81-935b-3386f5fb0b42", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:772825de-6d67-506a-a8db-e2c4ac409980", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:ca6f5cfb-1f94-5446-9120-6d7e5e0c7c49", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:bb307dca-2e54-54c6-ab94-084a4e1d7601", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/forms. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:08f7771a-2afd-5bd5-ab54-9bc237619ff6", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:4d22ee64-4664-5aa3-b3f6-dd84318c8a15", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }, { "bom-ref": "urn:uuid:548ba155-c859-5e5b-9455-4dc735ba05de", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/forms@17.1.0" } ] }