{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0b135388-f56a-5c82-84af-48a38f5acd12", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1", "type": "library", "name": "@angular/platform-server", "version": "15.0.3-tuxcare.1", "purl": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:adc4cfda-094a-51b5-acb7-fa37bb2074b5", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec636cc3-2915-5684-a786-5c0a10238730", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fed8fc99-e7e1-51d6-bc92-5db013953d0d", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf2e2c92-5e9f-564c-923f-21231a9583bb", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95a0c319-3fac-5ecf-928f-59a4c055d8f9", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b43ff540-8d43-5e2f-96d1-ede767331fa9", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9bd5da4-01de-568c-8985-b9b54f1dee22", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7d55d6e-1ded-57b7-8e76-68c9d6fe62d1", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d779af5-7cd5-5866-810f-ee632bbbd073", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 15.0.3-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular 15.0.3-tuxcare.1 is NOT affected by CVE-2026-50170. The HTTP TransferCache feature that is vulnerable in later Angular versions (v16+) does not exist in this version. The vulnerable code (transfer_cache.ts, hasAuthHeaders(), shouldCacheRequest(), withHttpTransferCache, provideClientHydration) is absent from Angular 15.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1daf200-6bb3-5a3b-8076-e0c5b14a377a", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:448f4188-a096-50de-9353-fa30df42f08b", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:881abced-f9ce-5d3e-ad6e-319afaa34073", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7725f9fd-2437-596f-bee5-3f65e86109a0", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67656d1e-791e-53c9-9a5f-03cb48b7705a", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6596b8e8-25c8-54f0-ae51-912295ac8e98", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64a7cea5-2c95-52ab-a15e-e857b3b74482", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:106766aa-ba13-5f7a-98f6-14b7515b4dd0", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.0.3-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular 15.0.3 is NOT AFFECTED by CVE-2026-54265. This version uses a different compiler architecture where two-way bindings desugar through the same code path as one-way bindings, both receiving identical security context resolution and sanitizer assignment. The vulnerable code (Ivy template pipeline with separate TwoWayProperty operation type) does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab3423a9-72bd-5949-af19-53031ac362c7", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.0.3-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular v15.0.3-tuxcare.1 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache keys does not exist in this version. This feature was introduced in Angular v16+. The target has no code path from HTTP request handling to the vulnerability's cache poisoning goal." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:926fe178-3cc5-50f5-9e51-01d65d25d2a1", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db8ec530-43cb-58cd-b4d8-6951e0d91874", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.0.3-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@15.0.3-tuxcare.1" } ] }