{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7e31b390-62f7-571c-a6f0-a15d2f51f02d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2", "type": "library", "name": "@angular/platform-server", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c8414bcd-a9ba-5f9d-bd85-c2e48ab6c210", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/platform-server. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:776a54a6-164c-5cdd-8884-22ba3ef6944e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4316c305-f81f-5c9b-a245-add5bb9d0362", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b485558b-b0f3-5a52-a1ce-3c036313beb5", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a5a40c1-56c7-566a-ab0b-ad1ed9d76af6", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d41080b6-68d3-5f58-a72c-a14e98afea7a", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6677d517-d4d6-570d-8f88-bea65ecd463d", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cccc8903-8628-5ac9-b02a-e5ed8ac245a6", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b6fd50a-2d54-5cc5-a391-f8f378640caa", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adad52a6-b49e-5f45-9c4e-8d395b2add7b", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dc469d9-c044-50c5-b99f-d06aa428e542", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ed63e22-1fee-5214-aa78-cee437fbf9e1", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f72a9946-bc39-5161-8e08-cf1f3c9bc263", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a96153bf-2ed0-52ca-b5f8-2dd2a49d8d0d", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79ec22f1-cbb6-5dc9-920a-f7114030b974", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6855031d-607d-5bef-9cab-3ba58aa4da7b", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.2" } ] }