{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:946989c9-85fe-5191-92df-a3589628cdea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1", "type": "library", "name": "@angular/platform-browser-dynamic", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e8a4cc2e-24f0-52c1-a6d5-0124e61e7da7", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4af6649-d514-5cc6-8ef3-f07450568fd5", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37fbc265-da7b-572f-b610-d938ed5131df", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a7da73a-c955-5dd8-8c09-08832701c023", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75a172ae-5fac-54d9-ab11-fc98515aca29", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d842895e-a110-5df1-9f66-485e070941c5", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9197b560-0aca-5c4e-a6ad-f493a5aa574d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d50ce15-93d6-509a-ad0f-5ee9a8f56f90", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57e8d719-13c3-5afc-92ef-99741affed7d", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aeca97b-a039-5f13-8ecf-5a8bc83e0854", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb61cfc4-4937-5dd4-823c-1dafae4eb60b", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c425bc5-0fd5-5922-9dbf-404ea71c21de", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52f3be78-49e5-5e91-ab09-145a9c1c26e5", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49d106f2-053b-5dae-bf91-bd541f13d194", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c28bb7c-50f6-5866-ba6a-a8b055fd429e", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed04842f-5a2c-51d7-9cb4-e26805009ce1", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0783abb1-ae8d-5d42-9967-88e2a530b85d", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b50da709-22b6-5de2-91d3-f3da470634bd", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a816991a-0013-52e6-9e96-e0fe7372785b", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a45f8c6-d8c1-52eb-9ef1-544f8e26a12e", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@14.2.12-tuxcare.1" } ] }