{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:acb7fba3-2ddd-538f-add9-ba71e8b37961", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3", "type": "library", "name": "@angular/platform-browser-dynamic", "version": "15.0.3", "purl": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:57a22c8c-159c-5407-97fa-3352c63ebeef", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:54699d37-75b8-5a9e-ba06-2d46f09dd977", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:7c848a47-0c0b-54f2-9808-438c04e9b5ac", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:199481d2-5a52-545e-8738-60d9d1c2440b", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:a615ef85-2dfb-57d0-b046-fa4d3fb26dd6", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:7fed0100-73fc-52f1-b11a-0b5c89a6131b", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:8ac9c6ec-b8b5-5989-b33c-8386922eadac", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:2ba4a3c7-9277-5012-a57f-2fece4893efb", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 15.0.3 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 15.0.3-tuxcare.1 is NOT affected by CVE-2026-50170. The HTTP TransferCache feature that is vulnerable in later Angular versions (v16+) does not exist in this version. The vulnerable code (transfer_cache.ts, hasAuthHeaders(), shouldCacheRequest(), withHttpTransferCache, provideClientHydration) is absent from Angular 15.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:2663831b-a711-5ab5-af4c-5836980ec459", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:e74a3fb7-dc90-54d2-89a7-488d0044295c", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:8f3b37db-276b-58b5-bddc-af3fc8c765df", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:5508dc32-d6f2-5968-93dd-8a75203ac288", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:fba2e576-319d-5a99-bf74-5cdf4fb1d411", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:3a1275f8-9d90-5d24-8ed5-e71931d9eb17", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:83b8e1d0-7027-55e3-9b3f-09884f7c5dc3", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:4cd4f01d-1874-5329-8a7a-cece5d10f8c7", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.0.3 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 15.0.3 is NOT AFFECTED by CVE-2026-54265. This version uses a different compiler architecture where two-way bindings desugar through the same code path as one-way bindings, both receiving identical security context resolution and sanitizer assignment. The vulnerable code (Ivy template pipeline with separate TwoWayProperty operation type) does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:7f02fea8-4a11-5170-b4af-ee775ea00ab7", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.0.3 of @angular/platform-browser-dynamic. not_affected \u2014 Angular v15.0.3-tuxcare.1 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache keys does not exist in this version. This feature was introduced in Angular v16+. The target has no code path from HTTP request handling to the vulnerability's cache poisoning goal." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:e7c7a40c-9dd3-57b6-bd3d-0be5eb941d2c", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }, { "bom-ref": "urn:uuid:792cf3e2-d319-56f6-b3f2-4712eb02952f", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.0.3 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@15.0.3" } ] }