{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5bd605a6-c823-51dc-bdaf-a83939ec10c6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4", "type": "library", "name": "@angular/localize", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7b4b56d6-43c3-50d1-b593-ca3d8a4f2b1f", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/localize. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5370ac48-4c54-54a4-8379-a195835b23f6", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62850f6b-9ce4-5181-9e7c-c2d7bb4d9bab", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3845877d-472c-522d-8008-9ee02262bd0b", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5f0fe1b-4363-58cf-bd5c-1cc5fd34c132", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b0b52da-ccb0-59c2-9a75-1bbac808c7f6", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:73e291e6-e4e8-52ba-9693-a3dea5cd3685", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9252f73-641d-5cbf-9c4d-7d47cfce0016", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:771073fd-170c-5a18-b287-f3244b553865", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:998b5dec-f9d5-50c1-b5ba-c4c690ebf353", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92b9ddbf-8db8-5c49-b9d0-11f766f4d691", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d064009-6661-5bd8-9d87-9accb269afa5", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3945880-afe6-58f3-978f-6840148216ae", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d74aa9d-b62d-56d5-bed2-a7a090d59d81", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f71fe10-5b47-574a-8d48-9576cdf2ba13", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e3e3519-c5df-580d-a5a1-7ced57fe28e9", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/localize." }, "affects": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/localize@19.2.21-tuxcare.4" } ] }