{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc20e37a-c974-5577-af8d-c58612db00c1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2", "type": "library", "name": "@angular/platform-browser", "version": "12.0.0-tuxcare.2", "purl": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:301fcb10-cdd6-515b-ab44-735f8f845e58", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d858045-cf37-5be6-a78f-0a1df381e9aa", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62bb9c43-bd5a-5d49-9e18-116704ddfba1", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1d4b56b-b2f2-5b54-97bf-c3a8650c0577", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a7497be-cb16-5346-8962-1f29e1f1d586", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 12.0.0-tuxcare.2 of @angular/platform-browser. not_affected \u2014 The target repository (Angular v12.0.0-tuxcare.2) is not affected by CVE-2026-41423. This version uses Node.js url.parse() for URL parsing, which does not exhibit the hostname override vulnerability. The CVE affects Angular versions 21.0.4+ where the codebase was refactored to use the URL constructor with a base parameter, allowing protocol-relative URLs (//evil.com) to override the hostname. T..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b828167-172a-523f-9bd5-d958707799cf", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65be3a23-6122-5cc7-971f-51a47d7224bf", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ece1eb3-36e2-5da6-afdc-058494e4ed31", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67264904-a982-57dc-8fb0-774ecfbfbf48", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 12.0.0-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular v12.0.0-tuxcare.2 is not affected by CVE-2026-50170. The HTTP transfer cache feature that contains the vulnerability does not exist in this version. The transfer cache was introduced in Angular v16+, while this is version 12." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15e6715a-ef75-5887-922d-c629e1b46f4b", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bca34c1f-da11-546d-be9c-e96c9961eea7", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23ae8a12-3976-5924-aba4-e68426499db4", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99f3f2f3-3b50-51e9-816c-1c4e4df80edf", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53088833-eba8-51e2-b2c4-313e4ee67949", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8422749d-4b38-5501-93fd-06377730fef1", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02da916f-6b26-5a08-9efe-3a471d64cb7d", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 12.0.0-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular version 12.0.0 is not affected by CVE-2026-54264. The service worker's AssetGroup class does not preserve request headers when making network requests, including on cross-origin redirects. Version 12.0.0 predates the architectural change that introduced metadata preservation (including headers), which was later found to be vulnerable in versions 20.x-22.x." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dcbd1ef-5276-59d0-9125-1187a5e586d1", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 12.0.0-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular 12.0.0-tuxcare.2 is not affected by CVE-2026-54265. The vulnerability is specific to the Ivy template pipeline architecture with TwoWayProperty IR operations (introduced in Angular 20+). Angular 12 uses a different architecture where two-way bindings are desugared at parse time into separate property and event bindings, and the property binding is sanitized through the same code path as..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a2c46df-9f7b-5e38-8863-8a3041321cfb", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 12.0.0-tuxcare.2 of @angular/platform-browser. not_affected \u2014 Angular v12.0.0-tuxcare.2 is not affected by CVE-2026-54266. The HttpTransferCache feature containing the weak DJB2 hash vulnerability does not exist in this version - it was introduced in Angular v16+." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba438b4f-e744-5ef7-bfe4-d18bc96c801e", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:872810c9-d732-56f3-8c5a-2588a4227bd0", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 12.0.0-tuxcare.2 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@12.0.0-tuxcare.2" } ] }