{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d480154a-2ce5-5414-9920-d292259e288e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2", "type": "library", "name": "@angular/router", "version": "19.2.21-tuxcare.2", "purl": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9f5dd11c-7a59-513b-a1e7-20cbdfa5aa52", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/router. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5984a00b-04cb-59da-a782-ece19d06124e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06f16b90-f78c-5197-ab72-8af03a5af3ac", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:021a0ff8-9cce-5b91-a8e3-9c02e76d6f11", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aafe4bfc-02f4-5bce-972e-1aba567e892e", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b41661dd-1ba8-508d-bc72-ec634b3db6b5", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f504acdb-16c0-525b-b27f-476e1c65d911", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8b5ccfb-0396-5d42-9994-062c7b4f380d", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16b4b8cd-c0e3-558b-832d-efd024100e19", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b31db55-7759-5adf-8bc2-e401f7630d00", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35646ccf-b9db-5a4d-828b-e0df90877cf8", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c08584ca-37f5-5e6d-a1e4-800d36475c40", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b177afef-cab6-5217-8468-dd09581e87c7", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3b6b4a4-2bd1-5d77-b20d-bb0dc68f944d", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c13c2bbd-d641-5e97-b8c3-1532c14bf323", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e0eb6b4-b014-5541-8334-214c38388dbb", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.2" } ] }