{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:69e32631-44d8-5306-8d1f-02521d94c771", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/router@14.2.12", "type": "library", "name": "@angular/router", "version": "14.2.12", "purl": "pkg:npm/%40angular/router@14.2.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f261d29a-31bd-564e-af48-b0fc183e4f4f", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:685f9f6f-7cc0-53e7-bc76-ac990ef18fb3", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:e3391e5a-5c38-57f7-a708-04ea7e351fe7", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:dfc59a24-a2e5-55c5-8bc6-191afb38fae6", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:29258205-0340-5c10-8363-4202d1d2b9af", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:4767c4bb-4892-5621-918b-7a693e95ce55", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:cc279c05-aebd-599f-990d-2343f33f3b8a", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:a46a42a3-8d71-576b-b61e-1ee79bcabab0", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12 of @angular/router. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:d7b6dd72-086e-507c-86ae-a63a2934d651", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:f52a0c14-6bd0-5808-99c1-ccff4f68d1f9", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:cbc8e661-f20d-5040-abea-7186cd970cc8", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:14198f4b-c894-5b5d-b62a-ef2b42ad125c", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:9d7d9ef6-cfee-537e-b4d0-8bdc0c4a25c2", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:515dd1d2-ee59-5f3f-a39e-f2d3f3085138", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:3140e009-63e1-5fcb-b976-279adb94c8e2", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:363a73ea-9886-59bf-8300-9b49cb2df6c0", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12 of @angular/router. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:8ca0b199-7e62-5f6e-ac4b-ed2d101a331e", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12 of @angular/router. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:bc8bebb1-3406-596e-ac45-bf0b1830f235", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }, { "bom-ref": "urn:uuid:511bd5c8-cfc3-5895-9b94-195d6d143b18", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/router@14.2.12" } ] }