{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60c74359-7405-52e6-ab27-5f52bfee0e08", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1", "type": "library", "name": "@angular/platform-webworker", "version": "9.1.13-tuxcare.1", "purl": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d71acd88-bab2-55b7-8a30-955c61443d68", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1bf2a9d-366e-58cf-9c61-62462d0aad5d", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2baea187-570b-5bd0-97b4-6960dd5ed379", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:790003c6-7e5d-5c38-a516-6bf15ba596c1", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:468c8ed3-52ec-5ed6-b430-9271fe2f84bc", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc44ebd4-c3db-578d-b84b-d3ef8a86cdce", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79ea5087-fb5c-5831-93e7-85d7b0404119", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64177119-61f6-5dd5-8a4a-1a61130ec079", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:971ce168-4303-5490-8aad-6c26a6162949", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f4e35ea-ba83-5e7d-8980-6ff36126039d", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82aacbbb-e6b3-563e-9a97-77c6c6799f32", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9d48840-4253-569a-ad93-ddf7e025e234", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9ec819e-9aab-5b8d-9809-4e7d37f29b32", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6693bd4-7696-5887-bcc9-015ddb4e2689", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88ee9a34-c5c6-5627-a95e-8318ef53ba67", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1212b346-d904-5306-a079-3f5c03afce32", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf7dff53-8b8d-58a8-b3c4-777d47a3584a", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6861f013-d2cb-5797-9c22-ce486e7be840", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74887fd1-a159-5b07-812f-2dd850f832b2", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37e3f0bb-ae01-5200-ab01-022caf84133b", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0c624fc-a84f-5ae4-b1d5-9865e1b8a3c0", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-webworker@9.1.13-tuxcare.1" } ] }