{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d7e550d1-90ac-5ed3-8cc5-cfb813a7a749", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2", "type": "library", "name": "@angular/platform-browser", "version": "11.2.11-tuxcare.2", "purl": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8ff1834e-843a-5c4b-ba0e-8767281cefc5", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:080fc4c2-03a7-59fb-a129-61e950b4c2f7", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb7be5fa-ab88-5784-9dd8-39f609d3a344", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f918cc7c-5798-5c96-a193-b578016117eb", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bafd51cf-b59f-54f6-b4fd-2aaf7f77dfd9", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:731f03c2-9262-508d-8e2f-ddc138f33b97", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4c51174-9d76-58bb-a060-5210e16c122a", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2251b0ac-3dbf-5115-922f-3fd41bc626b6", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33dd9195-f71f-5138-9f0b-eb5918b86143", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.11-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular v11.2.11 is NOT AFFECTED by CVE-2026-50170. The vulnerability affects the HTTP transfer cache feature introduced in Angular v16+, which automatically caches HTTP responses during SSR and replays them during client hydration. This feature does not exist in v11.2.11. The target lacks the entire transfer_cache.ts module, withHttpTransferCache API, transferCacheInterceptorFn, and client hyd..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f0d57d1-c501-5c0a-93dc-4d5ebbc27250", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92e55b6e-1dca-5841-9059-c212baf1f976", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:067cf212-53a5-512c-81b3-425da37db5e1", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b886c76a-2b12-5074-844b-876215091ea9", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ddb6d42-5a59-597d-9dcb-6f1b3e2f3b99", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71365cff-6052-5f33-aeb1-19767402f6de", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13f436e4-f1ff-586a-9d9f-451f313cb975", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.11-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular 11.2.11-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The service worker in this version does not forward request headers during asset reconstruction, eliminating the cross-origin credential leak vulnerability. The vulnerable method `newRequestWithMetadata` that copies headers from the original request does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e69f5f3-587c-537a-8aea-297ea0051815", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.11-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular 11.2.11 is not affected by CVE-2026-54265. The vulnerability targets the new Ivy compiler's TwoWayProperty operation in the template compilation pipeline, which does not exist in Angular 11.2.11. In this version, two-way bindings desugar through the same sanitization-aware parsePropertyBinding code path as one-way bindings, ensuring security-sensitive properties are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:690e6556-815c-5b3d-83d5-c8b80d23cc1a", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.11-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular version 11.2.11 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache key generation does not exist in this version. This feature was introduced in Angular v16, and version 11.2.11 predates it entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11c08ebf-898d-57bf-b0f5-ca0246152626", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4636152c-3349-52b3-b2fd-9d921005235d", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 11.2.11-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11-tuxcare.2" } ] }