{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c1be042e-2483-56c3-a785-4cd0c14a28a8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9", "type": "library", "name": "@angular/platform-webworker-dynamic", "version": "9.1.13-tuxcare.9", "purl": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d7a10466-c981-56f9-8962-a0d60dc61ba9", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:fec5eb49-53b2-5ebc-99d7-b750355bdb7d", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:c7187e95-9271-56fe-b84f-7efb76610ace", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:70c3bc34-2baf-5821-8c12-fc44885b09e1", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:dcb3fa2f-b0ff-5a07-b95c-2487e9798352", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:f90d9179-36a2-5ed7-b506-6e597128682a", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:7003c51a-ad25-50ed-9370-83b98e694d52", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:400a4ef5-da4f-50a2-a759-095eb522906d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:a15f9326-4895-5a6f-9c11-57e9439e287e", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:187cbaa3-05e7-5fb0-9f0a-0cf76a4f19d2", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:52f0c7ad-e515-5842-9b0a-5d0acf0ae404", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:feda4ad6-a282-5c71-8a79-e39f1cb54620", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:33f9b135-e971-5f00-9522-9dff1d179b3e", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:37c7c34a-2999-5276-b76b-9e7b60e55f30", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0453caee-228c-57bd-b393-b2503cc08a22", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:75c32ce5-76eb-5981-ae80-060a4abcfb05", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:4eb22b3c-a01c-567f-b5b5-690e0e7abaf5", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:a2422a55-e725-5623-97e8-38e1c4e190ba", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:d0dac011-5b94-5a64-8fee-3ee490af1914", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:29884c0c-c2ca-5dd8-90f1-9d1c553eef28", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9142bda5-7ec4-5ea7-aaf0-6a54ad29086b", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.9 of @angular/platform-webworker-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-webworker-dynamic@9.1.13-tuxcare.9" } ] }