{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4f9e822b-b522-511e-86fe-86c1c44169bf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4", "type": "library", "name": "@angular/platform-server", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1c9c57ee-a82a-5fab-b219-1b1fd8756768", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/platform-server. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72f9404c-b0b7-5af0-87a3-ab5a85d3f3e7", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f30d1b2-20d2-5c2d-9b1c-8ce6fb136285", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4170f038-eea6-53cf-b114-13c587aa6cb5", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2618b662-7d74-584e-a8d8-7a0f59975702", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:57589d91-f8d5-511c-a7c0-28b46669acee", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c30a299d-04cd-568b-a7fd-43bd2880205e", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e327366-df78-5ac2-9a6c-efa02bd69b0b", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d4d9034-360e-5d9d-93e5-11665a9940fc", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce1932ad-530a-5abe-93e7-c8437d6ca2d5", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9d1e553-6969-5b4a-9a63-4f6c178a6034", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60df2f50-7902-5297-b89d-6c006278572b", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5389d13f-61a7-51ec-805b-e0f173a07f1f", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce4570a3-f99b-5275-b65e-4a495d44763f", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb90cc34-32b5-514a-aa77-a4e43c32971a", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3364fde4-c85d-554a-be9e-1bb844a18b60", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@19.2.21-tuxcare.4" } ] }