{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:52f413ac-6156-5aec-b1a2-ded8e731eac3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2", "type": "library", "name": "@angular/localize", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b9f0bb93-0a95-510d-97e4-683108bcb0d8", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/localize. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42e333c6-982b-54fe-bb54-fabb8a621c30", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba80495a-839f-5c25-94d8-108fdcfc1778", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad96088b-cb32-5aef-9edb-6532686670b6", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aea94605-b97e-5496-921d-d1d6e10149c8", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55e8bf2e-00eb-56da-b71f-562608680cd4", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b6719dc-750f-5eb7-a141-3638dcfa19b7", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a89955af-81b1-544e-a3d7-4e9fc49213d5", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b704b59-8d84-51d1-8211-a11417c6160e", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:541f02d3-e648-52f2-aa6c-04890f91d794", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3802577f-775e-5b9e-8688-38db0ed3435d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dbe5673-0e56-56b0-9c32-672f124c6ae8", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a2dec59-a685-5f1c-b720-9f6dcae20dfd", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feb93721-92a2-53d6-b9ce-04339308293c", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:033dcbee-069a-5d38-a92d-2a205f9a8514", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99e9e383-26e6-5fe5-99bf-1cf544ac1a3f", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.2" } ] }