{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:964cfa2e-3785-5e0a-96b5-f6fe73c0b8a8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4", "type": "library", "name": "@angular/platform-browser", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:958e34a5-8671-5f82-8fec-98ee21e7a290", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/platform-browser. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c33cf92d-2143-54ff-8b5f-263506d5a22a", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7366d848-e291-5fe4-a518-6c496b034d5e", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e693d60-bda2-5eb4-a313-020e9e1399c5", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f65dd29-0e9e-5cc3-bf95-c331f6f6a0ca", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43cef3e6-9a3a-52a4-a681-f8367b800ca7", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4273ec78-c233-5b0e-9ac0-07a40a367369", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec497c0a-c68f-545f-8ad8-7da79c8e8b55", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a01ead2b-a5bf-5752-b271-7709d8be82ba", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:47892751-2f2c-58d5-85eb-50ec74a25f1d", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7624455-e228-5741-844e-6d705fb1fe8a", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ddc3864-85d4-5454-b494-39beaed5079d", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1252ded7-25dc-5860-ad6f-6635c8521729", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1de1f87e-0679-57e5-a21f-189aef5c948c", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ead32467-8a20-56b9-9107-de38a1003344", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1e4d52f-a39a-509a-a11c-afb8138fd061", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@19.2.21-tuxcare.4" } ] }