{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc27e0f0-bba6-52ae-9d6e-377e044fe90a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4", "type": "library", "name": "@angular/router", "version": "19.2.21-tuxcare.4", "purl": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bc8058af-fc22-5f72-9557-ce31664e5b7d", "id": "CVE-2026-27970", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.4 of @angular/router. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02b73323-4dd1-55cf-a6e4-692f1abf0a6e", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c517fd7-4d1a-546c-9ca9-a1b00f9527fe", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e349bae-f9cf-5703-8412-d8611cf6c3e5", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb7acec3-ca2b-527e-9df0-794bd603fa17", "id": "CVE-2026-50170", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50170 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06f14e45-e5be-5576-ae4e-00667b7aa9dd", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d19f4807-b263-50cf-86f6-e2c6da81920b", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c187dd6-f9c4-5586-8917-a44fa93d38d4", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ceefc7ff-d524-5797-816b-332806481ca8", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25f3d97d-daab-5ec3-8dc8-feb493663ff0", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d619833d-339e-55df-9588-9b8b306ab75e", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c01189c-f7eb-5df1-8fdb-383350bc5093", "id": "CVE-2026-54264", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54264 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6770a458-678e-53fe-8fa5-8cdd83dd36c1", "id": "CVE-2026-54265", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54265 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4db61fe7-d950-5fc7-9b1a-5fd38fde5f7f", "id": "CVE-2026-54266", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54266 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e1c5887-eb54-5a39-876a-3b265fe90743", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a101bc68-5215-5dd6-8a55-83c4c06de7ae", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 19.2.21-tuxcare.4 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/router@19.2.21-tuxcare.4" } ] }