{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f99752a6-88d7-529c-a3ea-3a8703232996", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10", "type": "library", "name": "@angular/router", "version": "9.1.13-tuxcare.10", "purl": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b3fc6c9b-60a6-5a4e-ba73-c4a87240cc67", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:e1fd265a-cca2-5e19-97fe-0654fe156e6c", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:00389c81-42bd-5410-95ef-e89b8c053caa", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1f356bd8-b740-5cbf-b371-068d46da6a83", "id": "CVE-2026-22610", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ae530674-a294-5e64-a459-cbc79599de11", "id": "CVE-2026-27970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b9c42e97-759e-599f-88a7-9eced22cb00e", "id": "CVE-2026-41423", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:72cc8ffd-5ab8-56a5-a486-c9cfadffe761", "id": "CVE-2026-46417", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:851c6701-dcd4-5922-b76a-559ce2989ab6", "id": "CVE-2026-50168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50168 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:6f187f5a-d821-5495-b124-45fdc0430503", "id": "CVE-2026-50169", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50169 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:23aac293-0d41-5cba-931b-c6bea7d8a254", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.10 of @angular/router. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:4876b0c5-ea0d-5fea-b38e-fba2588ac1c8", "id": "CVE-2026-50171", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50171 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:babe89c1-f787-5f2f-8373-5ed9fa275d45", "id": "CVE-2026-50184", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50184 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:42afbc70-5003-5c2f-b774-dc64ffd58dad", "id": "CVE-2026-50555", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50555 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:0d05f252-9269-503e-a14f-55001373b786", "id": "CVE-2026-50556", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50556 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:5fe15515-3cf4-5fcb-8b19-cc47b88bab2c", "id": "CVE-2026-50557", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-50557 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:b5b66072-8af9-51b1-a135-6872bde9f37c", "id": "CVE-2026-52725", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-52725 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:79d0188d-c4f4-5424-a503-efeb26fa849a", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.10 of @angular/router. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:c5ddde63-7af5-5672-9c16-8203f6bb0f96", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.10 of @angular/router. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:74e0d72d-553f-5410-94d1-c83ef52a11c0", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.10 of @angular/router. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:f75c58ca-3e4c-5f93-b894-5edf49a3abba", "id": "CVE-2026-54267", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54267 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:72dacafc-0521-5c0d-8b06-6567e6b3bffd", "id": "CVE-2026-54268", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-54268 is fixed in version 9.1.13-tuxcare.10 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.10" } ] }