{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6d009e0c-4ef8-55e9-894b-acb679ff27e4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1", "type": "library", "name": "@angular/platform-server", "version": "15.2.2-tuxcare.1", "purl": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c27ab6d9-ed92-57cb-8eb3-85aca97c4d69", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06e79afa-c89e-5711-9705-b5c009b1d8e0", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:171aee66-2ce5-5f0f-b74c-8c27e31656ba", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e39dc96-82b1-5788-8463-075692c6f11c", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75500155-3bb6-5e7d-bea2-1af352fbc7b9", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 15.2.2-tuxcare.1 of @angular/platform-server. not_affected \u2014 The target repository (Angular 15.2.2-tuxcare.1) is NOT affected by CVE-2026-41423. While the target lacks the specific fix from the upstream patch, it uses a fundamentally different URL parsing mechanism (Node.js legacy url.parse()) that does not exhibit the WHATWG URL specification behavior exploited in the vulnerability." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1644f8e7-0795-53c5-8967-ff71828fd144", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad479db3-8662-5108-9e2a-617d55365e9d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e36efe6-4a9c-5a3d-8ed4-1e0d87c2fab8", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b3df19-8464-5c01-b2b4-df8fe7d8ecf0", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 15.2.2-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular v15.2.2 is not affected by CVE-2026-50170. The HTTP TransferCache feature, which is the subject of the vulnerability, was introduced in Angular v16.0.0 (March 2023). The target repository version (15.2.2-tuxcare.1) predates this feature entirely and does not contain the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd7e01c1-9bcc-5f0c-baa9-392856b84460", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68623634-ceb3-54f6-95c6-be7c3f1d1ab9", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb30afe9-c3f2-5185-92ce-ed789664b772", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d78ceb8a-f88f-510c-900e-da0c14b871d9", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b86f787-5854-5147-be77-9269c127334c", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebc5b983-a22c-5dfe-b01f-2d732b07174c", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48499ea8-0757-53dd-b214-dfdbb9311145", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:deb00851-b533-57b3-9514-1f19dc46ffcf", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 15.2.2-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular v15.2.2 does not contain the vulnerable code path. The CVE-2026-54265 vulnerability affects the template pipeline's resolve_sanitizers.ts (TwoWayProperty operation), which does not exist in v15.2.2. This version uses TemplateDefinitionBuilder where two-way bindings desugar to regular property bindings that receive identical sanitization as one-way bindings." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:208f6bae-abd2-55ea-8e81-cd132ddf999d", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 15.2.2-tuxcare.1 of @angular/platform-server. not_affected \u2014 Angular 15.2.2 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature was introduced in Angular 16.0.0 (May 2023), after this version was released (March 2023). The target codebase does not contain the transfer_cache.ts module, HttpTransferCache API, or any HTTP response caching mechanism that uses hash-based cache keys." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5facf03-63bb-5ed4-8153-ce28952d9d65", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb052e35-92ce-5fec-afd7-ef56c0616367", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 15.2.2-tuxcare.1 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@15.2.2-tuxcare.1" } ] }