{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a3943fc2-8dae-5413-8b44-5dad67e1c4f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2", "type": "library", "name": "@angular/forms", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4c3bca09-028b-5f08-8cc5-781ff3542223", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/forms. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67dd2dde-5a5c-5a92-81f6-58b6f9b0cefc", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82f5ad46-4e91-51e6-9a21-c1922eb5f8ab", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:392c61c4-5f63-5e18-860e-14b5ffba4830", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f297efd1-c949-544f-8d66-0ec3b486bf6b", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28a95ef5-ab4c-517c-aaf4-d02d34c52b37", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d127433-f9cb-5541-a6e5-30967c1d00ed", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85f1a7e9-eb26-50ce-93af-e5b8210a52e9", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1816a78-af32-55bb-8846-e9e78a158482", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e323cec9-84c3-51b9-b5d4-c389dc1d00a6", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f762ba0-142d-525b-ac4d-0ba3172855f2", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:304654fd-0cc9-5e05-86dd-35f82460c768", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58c80a8b-10f7-5d9b-97c2-406fb2e1f77c", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acde8626-619f-5a85-8f60-5c09305546ec", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38cf2a4f-d260-57b4-9e0e-f8790615dee2", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cb83303-234b-5a9c-83cb-b8d1bed10dd4", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/forms@19.2.21-tuxcare.2" } ] }