{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:7d313e25-7be4-5fc2-ae06-40cb2a2e6da8",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3",
      "type": "library",
      "name": "@angular/platform-server",
      "version": "11.2.14-tuxcare.3",
      "purl": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:8eab9600-c9f5-5078-887f-7bd0536594d3",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66035 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e603ade-051a-5cae-a89f-6c5af6693d3b",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66412 is fixed in version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9f881ca5-7eb2-5a40-986e-1002b39660ce",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22610 is fixed in version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:368001ee-cf81-5e7d-9358-57b796142442",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:60e9ee31-4ff3-5c09-86d9-fe617e888d78",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41423 is fixed in version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86a547e5-fb3f-55ee-9870-b61e85114070",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:847267ed-72df-5dc4-9b02-953656930721",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e99b82f-54d7-51d3-be14-ae1641f95e2e",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0599d6a1-98df-5769-a8f3-4238e4b0e0a8",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.14-tuxcare.3 of @angular/platform-server. not_affected \u2014 Angular v11.2.14 is NOT affected by CVE-2026-50170. The vulnerability requires the HttpTransferCache feature for server-side rendering (SSR) and client hydration, which was introduced in Angular v16. Version 11.2.14 predates this feature and lacks the vulnerable code path entirely."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b9a3be20-6c2b-5b1b-9e86-f7bcd64ea3a9",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a94ec219-d480-5e14-926c-c6a5a917d61d",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e22e758-b3a1-5806-b021-c4c5491ce4c9",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:068e7017-5fcb-54bd-bfde-8d05c58f8fef",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:57b4fa76-afd3-54f5-b281-363402205bda",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f6b78615-025c-5bbb-97e4-0fc64f92c45d",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8070aaf3-5487-5580-b1cb-c7de42d941a8",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.14-tuxcare.3 of @angular/platform-server. not_affected \u2014 Angular 11.2.14-tuxcare.7 is not affected by CVE-2026-54264. The service worker's request reconstruction architecture never forwards headers, eliminating the attack vector."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5cccb24d-13d4-520a-818f-cab3513d3bdd",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.14-tuxcare.3 of @angular/platform-server. not_affected \u2014 Angular 11.2.14-tuxcare.7 is not affected by CVE-2026-54265. The vulnerability requires the template/pipeline architecture with TwoWayProperty operation kind, introduced in Angular 17+. Angular 11 uses a different compilation architecture where two-way bindings are desugared into one-way property bindings that receive proper sanitization resolution."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b43f067e-df53-5c1f-9a9b-eef36c10760f",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.14-tuxcare.3 of @angular/platform-server. not_affected \u2014 Angular 11.2.14-tuxcare.7 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash does not exist in this version. HttpTransferCache was introduced in Angular 16.0.0 (March 2023), while the target is Angular 11.2.14 (released much earlier). The file packages/common/http/src/transfer_cache.ts and its vulnerable generateHash() function do not exist in the ta..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2191e77-4ad8-576e-a1f1-1a026d3c46e6",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:317da7b7-cdf2-58e0-ad32-18da18e3f44c",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 11.2.14-tuxcare.3 of @angular/platform-server."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/platform-server@11.2.14-tuxcare.3"
    }
  ]
}