{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9a599a3d-bad7-5721-aba7-5f70c21bfc26", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0", "type": "library", "name": "@angular/platform-browser-dynamic", "version": "17.1.0", "purl": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8b4294ca-12fa-5f05-a816-b12478e2b579", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:6d8947eb-d31f-52a1-9f50-8223ff428b47", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:9b92995f-3847-5708-9bd5-96149c70ab41", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:47a62dac-6ecd-5a87-89be-4d081e4180ca", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:136d0412-9b89-5497-a4ed-f9ac3d1e3b1c", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:41ac7f48-7aea-5ed9-b256-ae9c06ab1075", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:ed866476-aa9a-5c32-bd46-2b7d36029a1b", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:4eaa3453-7a91-5416-8853-17489cc2ad5e", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:4b53bdbd-31bd-56c4-b5a1-1f18782f347b", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:7a87e0fa-3584-538c-a485-4ccb1f3f75ea", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:84b5d556-70ea-51a2-a66c-8697bc06906e", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:b361793d-36b5-57b3-9dd6-865daba7206f", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:0962ebc2-2d3c-5ceb-9496-f7ac387a5c43", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:7b9f2643-bbcb-56dc-bc71-0eaeb597ddf2", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:70b710c7-3ae6-511f-b1e0-1dc7b411e645", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:fbc1a9eb-f4cc-5e25-9927-44357d9a6078", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:75b3ec69-8f44-50f2-9ea8-094345ef3f75", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:48cf3d74-c217-5800-a0bb-2172e75728a5", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/platform-browser-dynamic. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:3c816072-a89e-5470-bcd2-f07824f7ac7c", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:7500fab7-fecb-5d26-b3cf-9a07703c96e5", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }, { "bom-ref": "urn:uuid:2c1fe00f-1584-5b17-ab6a-0ec61ac27fc2", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@17.1.0" } ] }