{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70df0a2c-42e4-5aaf-a629-b060758f796a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9", "type": "library", "name": "@angular/platform-server", "version": "9.1.13-tuxcare.9", "purl": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dfcf9b4d-3c4f-5783-a753-794b297d38d3", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0290257b-d49f-528f-b987-bc56f9f3b647", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:d48c317c-c063-54f8-be45-103ca0171c20", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:70348488-08fe-5099-9f6d-21365bc9e686", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0f1d8ce3-7749-502f-a059-e7a62a4a8677", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:efb86518-d45e-5ac4-8fa6-0524d849bcbf", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:2616db88-0ed5-512b-a588-ccc40158aac2", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:b9347ba9-da9b-5818-8409-8e8403056d5d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:8a5314a3-8c13-595f-9d4f-ee06518b28b1", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0c8d0210-4093-5eca-b966-a21145606c4c", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.9 of @angular/platform-server. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:f9c8b569-adab-537d-af20-9c06d556b840", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0faa65dc-cfb3-572a-9554-7d488d0ea406", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:259ce8af-b307-5090-a527-ede436a3f68f", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:555ec8e9-ac20-508f-b579-13d987e2d329", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9003ac8b-d43e-5591-8318-7270dbf7e41a", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9361015b-8060-5045-9189-fe08f6658914", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:6b75e7da-5d58-5124-a1a7-171dfca2fbfe", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.9 of @angular/platform-server. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:00940739-1243-58e3-a68c-1d3a0f364fd3", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.9 of @angular/platform-server. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:2ca3b060-c6c5-55fd-98cc-ac9042e3d9c1", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.9 of @angular/platform-server. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:a639399d-59f6-54d5-b00f-2d7c4d77f1ac", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:25e7fa05-0a83-5c8c-88d6-ccaa1f66f745", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.9 of @angular/platform-server." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-server@9.1.13-tuxcare.9" } ] }