{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6269dd25-608c-526a-9718-a6494a5b9c2c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1", "type": "library", "name": "@angular/platform-browser", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a7a29d0-817d-54ab-b036-de677b9e0146", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:360b7082-56c7-5b3f-90f1-2dc3452f2981", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:771d35f7-604a-5d51-b7ac-45dcf8487d03", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67a3ad99-b044-5bee-9d1c-84723a07b296", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29b3a900-798d-5b66-8db9-b004f31bb783", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61237c46-231e-5fdc-ba2b-fafe255e342e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:720c62d4-1732-5e4b-a0ed-5d0e4187835f", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f05d7b24-2b35-5934-9659-b7cb69ba3182", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a906934-72d1-532f-a2f7-1a30dbaa5d79", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79186e1b-110b-52e6-9527-35baee421f81", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ab4570b-6ba9-5b46-ab5a-921c1171b40f", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:add3c9ef-114a-5e37-ac8b-160c50baf2ef", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c706f7b2-58b1-58dc-8e45-46b29d68c09b", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b4ac61c-9f90-5d77-b3c0-88095446dbc8", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7232537e-5581-5a06-ba4f-2e2017bf5f8c", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31a41b3e-d3bc-58c9-8df8-0985a4d302e5", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7162029-cf4c-5ef4-8957-72b5fcbd2b82", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c66e4f1-cc74-50e4-aea9-b2f32ef8c383", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/platform-browser. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a2f7313-5593-57aa-a3ca-4276ad1252ec", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c2e8f60-a19a-5b9e-ab3e-0533718112a8", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@14.2.12-tuxcare.1" } ] }