{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:66ef881a-032d-515e-86de-31eae42f87f7",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2",
      "type": "library",
      "name": "@angular/platform-browser-dynamic",
      "version": "19.2.21-tuxcare.2",
      "purl": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:26c9eb02-69de-56a6-a1f2-772fa87c752a",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:139cc7d9-d64c-5a5e-9d7c-ee131d645d28",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0c329636-4645-57a2-88bc-bf1a36c596c4",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9635e10f-712a-5db0-8800-9dce9b9c7f0d",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cb141cc3-001f-5d14-ad59-5c53f305c6a7",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d3e5f57-9174-5da2-8e81-35bfeaa44ae3",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0b9d7363-2f70-5971-97c4-0095270774ad",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:91b70806-9a85-55bb-a1e9-f52224e173c7",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b2ca0d8-fe52-534d-a43c-b2f2c07f67b6",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:990a715c-14f1-5a92-a78b-977df7acce0b",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:044092e8-1834-5d64-9496-6c1c234059b0",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa67349e-6417-5565-a3ba-a65cfb93cb3e",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:616ea2df-7738-5945-a795-6a7f71c77b57",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7f4528a1-38a4-5a9e-951c-d11f81556c81",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e8b99117-2f41-541b-86ef-fbee2a0b17c5",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:89a9edc1-5716-579a-ac1d-39583a7847a0",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/platform-browser-dynamic."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/platform-browser-dynamic@19.2.21-tuxcare.2"
    }
  ]
}