{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6f95183c-4220-5700-8f24-81f175bca674", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1", "type": "library", "name": "@angular/platform-server", "version": "14.2.12-tuxcare.1", "purl": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a7a2f0a9-3b83-57a9-a3fd-20dbb124afd6", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:587b1c6d-b839-515a-8ad0-bc37cbcf3e62", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0f9107d-09ec-5631-89eb-744c56def6a2", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:705328ff-a050-58bd-a366-9f154c18b965", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b883a3ff-397f-5af8-8273-0ddc554be247", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d035a46-3ad4-5d48-9303-278bb147bd4e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82b025fc-9ba8-5888-84cb-20c6f77dab5a", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9039a28-4296-527d-9618-5a81018dddc3", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:197ed9f9-e67f-50c5-85a5-b1dba6038210", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9eb7cde-ad91-5c1c-ac36-b24895e3064f", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce880738-5f23-504e-a584-a2a61044b51e", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef6dca6b-3597-5102-8d75-82de8cf44932", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:295b6909-da5e-50ff-abc4-4a95613accdd", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fcf19e9-2ae3-5a8b-b792-80428f9f06c2", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:670eab3d-66a5-598e-9d7e-39c9af58f3f1", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be2cdfda-0929-5481-b0a0-23f908d35003", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f655d24-bffb-53e2-a25d-13106b9b2c04", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34e43dc0-17a1-54bc-a57b-e540ad09eed7", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:560888e7-431a-5e8f-99c9-67fd755bdea0", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5556ccd3-0e21-5084-a654-42ed2070e4ed", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@14.2.12-tuxcare.1" } ] }