{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eba2d60a-9eb4-5140-bf63-cc647d1cb9a8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10", "type": "library", "name": "@angular/platform-browser", "version": "9.1.13-tuxcare.10", "purl": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:903e421e-8b10-5e26-89c3-dfa8c486b1da", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1231408b-23e4-5540-ae98-ced5a652a278", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7337d025-e98d-5ca1-b812-11ae26e3faab", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2068d140-019c-5eda-b376-b602bbe7b142", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6b519942-ce0f-5878-8fc0-60a2bc0763a5", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c8bfa4b4-3c28-57d5-815f-c1c7944c721b", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:a79965ce-5dde-53fc-943c-00a60173bb23", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d94ebe2d-16e9-5116-bd7d-f971e23fab26", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:94b9f332-c296-51c0-92e0-e46bdaa9b356", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ece993be-ece3-5da8-9856-2e6d1cbf5550", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.10 of @angular/platform-browser. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:96ea7026-9b06-5767-a2b3-dc0b5d8a459d", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:be8949f8-e164-5daa-b438-50b3dc901df2", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:9b529ddb-7fd2-5c66-ae28-11e21618ba0a", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:39bc68a7-0178-5af3-b449-1ef9daa7a090", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ef1bc0ae-6e1a-5098-a17e-da409f71258a", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:170b256b-f72b-5a7a-b7d8-6eb21e8e2718", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3097c8a6-c83e-580e-a76c-e2451673551e", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.10 of @angular/platform-browser. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:eec1a8b7-9f7e-5f74-834f-b7c4d96e7e77", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.10 of @angular/platform-browser. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2f76bcc8-d08d-5299-ab6d-94a216636124", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.10 of @angular/platform-browser. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b0c26a34-6891-5fcf-a354-371d26c77c20", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5d306f7c-c0b7-5f52-9398-af0d1886e85f", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 9.1.13-tuxcare.10 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@9.1.13-tuxcare.10" } ] }