{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e3de7477-b778-5ae5-b5a1-a86ef48c302b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/localize@17.1.0", "type": "library", "name": "@angular/localize", "version": "17.1.0", "purl": "pkg:npm/%40angular/localize@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:59da8aff-38ae-55ed-8cb7-c6c91c1ed066", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:b9696f12-3a08-5596-9a3f-935a08ec5d61", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:e884811b-06ce-5869-9deb-b85e4247f1c7", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:2b14fb11-0d56-5f2e-b581-2ffb8188656e", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:86be5f47-84b6-5614-899b-be5062ea7244", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:059a7b6b-b169-5404-8d67-a612f30a5ee2", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:a4f66c4c-6de5-5e09-b602-8fe20fd2c4ae", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:5b6eba8c-3607-5f0a-93bd-311d4f06c493", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:79dc2425-0a26-5539-bc5c-1600289dac15", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:ae107d87-a94a-59e5-93f8-4c2ba7f0d4e5", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:589a1e62-069d-56a3-9b32-4a49baee5f9c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:398f1382-a164-5b05-97fe-93922dbf2cd6", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:7feda4e8-1ba4-571b-94f8-d73034c9ade9", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:5310c2da-733b-5441-8f33-b9c871acc966", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:bc87c431-1b7e-56ce-8542-9b8e57675c6c", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:61fe9578-8114-53a9-9f0e-004653c28c23", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:b8edc43b-7467-50f9-8e08-e6f1f18594ac", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:521c45cf-2dc5-5305-8c62-fe98652e9d2f", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/localize. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:18653ef1-f2ae-5efa-b30a-691d8251b2bf", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:b75dded9-0e7f-5c1d-9583-e438ede3e87e", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }, { "bom-ref": "urn:uuid:0e0dabb6-27d6-5f78-b29d-4f2837daece9", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/localize@17.1.0" } ] }