{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:6da9a5d5-7fb3-5aea-a3ed-76429534aa81",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1",
      "type": "library",
      "name": "@angular/localize",
      "version": "15.0.3-tuxcare.1",
      "purl": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b926de25-507a-5845-ae4f-4fa7ef4abdf8",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c2504aa6-fcb7-5b62-ad6b-8e29769e8b4f",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66412 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:46ea583d-657a-5f32-bfe0-df0019a11097",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22610 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cad8d77f-2f27-5b2e-9a27-664fd2d00da7",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3d5fc9d6-bd80-5c78-8382-100399fca42b",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41423 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c6298c30-e6b0-5843-8977-9fe7554bed54",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:294ba472-12c1-5ccc-8ca3-ed1accb20812",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f32c0e4e-a260-587e-8241-38ccb0075cfa",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b3e6ed9f-2e57-55c1-94a5-4d26a0dceaba",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 15.0.3-tuxcare.1 of @angular/localize. not_affected \u2014 Angular 15.0.3-tuxcare.1 is NOT affected by CVE-2026-50170. The HTTP TransferCache feature that is vulnerable in later Angular versions (v16+) does not exist in this version. The vulnerable code (transfer_cache.ts, hasAuthHeaders(), shouldCacheRequest(), withHttpTransferCache, provideClientHydration) is absent from Angular 15.0.3."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8f5d4de-7381-5750-a442-af03664db4ec",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:00fbf486-fb71-5c57-9774-92b849b5293c",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:441dc1ca-0779-5835-bb1a-08ff880a791a",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:00980ce2-6308-5d11-8565-e1f104d1f348",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:217e755a-e51d-5dc6-911b-60e5e561b098",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7074d745-f419-5c6b-b3cc-1355a7c20d26",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a5f0c6f9-197d-582d-80d6-b972eb36a0fe",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54264 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:27c49c5e-0a64-5368-b746-a3a1f4fe12dd",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 15.0.3-tuxcare.1 of @angular/localize. not_affected \u2014 Angular 15.0.3 is NOT AFFECTED by CVE-2026-54265. This version uses a different compiler architecture where two-way bindings desugar through the same code path as one-way bindings, both receiving identical security context resolution and sanitizer assignment. The vulnerable code (Ivy template pipeline with separate TwoWayProperty operation type) does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:11d1b0e0-a570-5e7b-b052-bacc51f69969",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 15.0.3-tuxcare.1 of @angular/localize. not_affected \u2014 Angular v15.0.3-tuxcare.1 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache keys does not exist in this version. This feature was introduced in Angular v16+. The target has no code path from HTTP request handling to the vulnerability's cache poisoning goal."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:99ce611d-caf0-5239-a156-ce9051186647",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f4d2c19e-ef77-5707-b09b-324f5bf72ffe",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 15.0.3-tuxcare.1 of @angular/localize."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/localize@15.0.3-tuxcare.1"
    }
  ]
}