{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:852ff4d8-7694-514d-ba63-0ff0842687e3",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4",
      "type": "library",
      "name": "@angular/language-service",
      "version": "8.0.3-tuxcare.4",
      "purl": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9d428ad1-9a52-55c1-a4ef-9ed0802d2325",
      "id": "CVE-2021-4231",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:764b1eb5-c7e1-5d7e-bb19-74d957afff04",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e80f35c5-25fe-51f6-a858-bad65f75099e",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66412 is fixed in version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2ebd360b-a071-50a6-8b0c-a15e247314f7",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22610 is fixed in version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:73483ed3-9f25-5b04-8548-12e077724e1b",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d65ec68e-29fb-585d-9229-07491992e646",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.4 of @angular/language-service. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d2cd526b-c106-5324-93c7-fd1c354c0454",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b5dcac7-6f97-51a6-87d4-bae4427910b0",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5d9f3ec3-6bc8-553f-8d7f-5ef7e7cc66f8",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c3f2e7b7-51b0-5f3f-a353-6b621f8a28f9",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.4 of @angular/language-service. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba8e952e-7bae-576f-8743-0c8b06f85ebd",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:27212fe0-643b-52f8-a12d-b3e3c380023f",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3d8afb1e-f223-5a06-bd7f-a7601e326eb3",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:66fb08d8-0e36-534d-9d93-e751393f320c",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:08719c32-b429-54b9-a790-b700d138709c",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ac1c4ed7-2ab4-5341-8d6e-b49d5657c5bb",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f43f1d8f-2830-5ce4-bfcb-e569e349df81",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.4 of @angular/language-service. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3e4f376b-12c0-5a8c-9e4c-8e1cfad79a02",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54265 is fixed in version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e9c4ffa6-5f77-58de-a425-459c601f5dfb",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.4 of @angular/language-service. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:52f126f4-7c45-5a2a-bf08-f4e3350ebf42",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:588f82fd-5ff3-5f62-8b68-8d32b19af7e1",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.4 of @angular/language-service."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/language-service@8.0.3-tuxcare.4"
    }
  ]
}