{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9e0526a9-ad18-5e48-8213-2d4e85e8b8c5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@17.1.0", "type": "library", "name": "@angular/platform-server", "version": "17.1.0", "purl": "pkg:npm/%40angular/platform-server@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f8c31491-6f8e-5ec0-9c2c-c9ed8df22b83", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:aa7bd748-ee81-59b3-9434-969d9871a111", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:e910393b-48b3-5273-b5b1-05aca18b70df", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:2fc25eff-be9f-5a50-ad6a-e10494cf9afd", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:279e354e-b069-5742-ae0e-e35e733e70d7", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:1d18cee9-8330-5012-ad2d-1c403ad563c8", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:64828421-64fe-588a-978a-3eb92ee0cb8a", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:f86ba901-c9fd-5d3a-bf6e-c73ad37fd178", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:785ec39c-f716-559c-909b-a22c27dba223", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:103ebaf6-3d64-540a-9f72-f0900ac472fa", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:b50672b4-72f4-5a16-8e69-a8f3b2c25d32", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:24ae5add-aeb4-58db-b560-e7c9ea39f819", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:5f8223c6-9930-57a9-bb19-9bd4c381449e", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:8a4e4143-5bd8-568a-b685-5223f2db6ba6", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:32979992-3620-5ad9-8750-fe5cdaefb121", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:1a278d62-0c5b-5bab-9ac7-ef5976929d68", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:380781af-d484-5fa9-9808-610f2b3326fd", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:f6f27044-6009-5ff4-86ff-eb495d1f560a", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/platform-server. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:f3377f1c-a8ff-51d5-b883-b2dbc86bb972", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:6d8d96a6-a066-5c88-93fc-76c9fb36cfb3", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }, { "bom-ref": "urn:uuid:ab6b0fce-b125-5636-a9ff-74558ba62813", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@17.1.0" } ] }