{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:969c4017-94c4-5f62-9fe3-1734f053c3af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1", "type": "library", "name": "@angular/language-service", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:53501acd-353e-534f-ae83-d82837bee3e1", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aab25bf2-c2aa-50da-9ebb-429ab7ec6bf1", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fc89785-f4aa-5ba4-a6d9-361eddb0c9b1", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55a20dc4-3907-5dfc-9ae4-eff3d7966f04", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c96d1b1-d6c2-5086-a590-08776b53d79e", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ce41e7b-4feb-5249-b294-8edb201d6218", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23bb77c1-ae07-5b1e-b4cf-b3ebfe10e341", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d7ef200-76a7-56a1-be05-18a29a256837", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:818ba601-5027-5e92-a14d-214a7616e6ca", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/language-service. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:133f1133-765a-5101-b976-a9132babb65e", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a54a28f-f608-58b2-82c8-162867e7b976", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0a0a14f-5791-5496-90d4-02a1e9e529e9", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e4756bd-f369-5ca8-85de-856e261d5eeb", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a3ef497-1e19-5e85-a7f0-72a69c5ba21b", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6e73b09-7885-5d8e-be02-14a2f1083495", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7ce3d68-52bd-5e55-97a5-f5cc683b3ef3", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d387c951-6bf8-5684-997d-5352bd449adc", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/language-service. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c209a1c6-5a9c-53be-9ed9-612a0414c232", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/language-service. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0632ff76-acb9-56d5-b8ec-1abdeddf27b0", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b0108c-f01a-5ef2-9231-51a3ea7163a0", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/language-service." }, "affects": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/language-service@14.2.12-tuxcare.1" } ] }