{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:382ef327-bf17-52d8-bfaa-40dbf6ba8974", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@17.1.0", "type": "library", "name": "@angular/platform-browser", "version": "17.1.0", "purl": "pkg:npm/%40angular/platform-browser@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d89359e4-3721-5b42-9449-d89b778344e9", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:30e52acf-f8e9-56a1-8ec4-5807b113a122", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:900cdcdd-ca5e-5618-a545-61bacbff25b8", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:abbc5bab-75d8-560a-87e1-cce92c52b795", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:115d7d2a-2b4b-5eaf-b869-2009b83c12a0", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:a7816d04-ae66-50c2-8704-c508dced930a", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:eea80d0d-e5b8-5107-8272-faa814c3a943", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:7e02b2b4-82e5-5137-8547-d3eeb5c24601", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:da4c4dfe-15c1-5971-b0fd-d201cafcef62", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:e7e25190-9333-5015-9634-0b8d1c01d16a", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:d494e21f-2d79-561e-9228-2746653ab5d9", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:5796d56f-c50a-59ec-a5b6-a109a74b39c0", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:9c22c0a8-39fa-5d19-99b9-0049742b2d43", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:271fa1ce-57b5-5779-b74a-aab59eaf7d43", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:95197406-82b4-5421-9dc6-c55bef5d9525", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:26e08b10-7afe-58ba-982d-1b7104e3ecfd", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:3a1deaff-b7d6-507f-bc41-ae819d2727aa", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:4ef62e47-cb15-53bf-9ee1-d2c131339bd0", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/platform-browser. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:4ed739e4-2119-539a-bf48-b94dc7c41b15", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:261a368b-c9a7-5b51-8d5c-fec29eddb7ed", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }, { "bom-ref": "urn:uuid:2ab95011-aaba-5bc5-a6cd-84359c4e8593", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@17.1.0" } ] }