{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8428ea65-5148-5f86-a5ac-87367f20dfdf",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5",
      "type": "library",
      "name": "@angular/router",
      "version": "9.1.13-tuxcare.5",
      "purl": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:93e3cd97-a52d-57ca-9d18-b92d2f13c687",
      "id": "CVE-2021-4231",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e53e8dd4-9a4e-58f2-80b4-d603894ebea1",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3a8b12e8-d205-5a27-a974-c8f8ba2e62ea",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a5fc5bab-5e02-5a98-b28f-10b9a0bf4beb",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22610 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:92257dbd-85c9-561f-afff-aeef25b1500d",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e966e935-c738-5b90-a9ae-ba1044f60c0f",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b60e8a2b-1381-5cfb-9705-7b7143fc1940",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f957531f-b118-53c8-9490-9346ea5982e5",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0e0b299c-a7d5-5dbd-b430-48f4022c1488",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b4e97a0c-9956-5ffd-bbbb-725a9e6b6eea",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.5 of @angular/router. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:932d287d-5542-5451-b0d0-b3106ef893bc",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0ad93f7c-f001-5b32-92de-33e627a7fd2f",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e641214d-45f2-5b3f-9174-4eb9954218c7",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1016be03-a8c7-52a0-bd79-f47bc4677719",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d0881a8-1f6a-534c-a82e-40ad8baf9139",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ee1cd203-579d-5b88-b79a-3ca93fdbe645",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:357e4e01-4f82-54c0-86e8-3e58b994f575",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.5 of @angular/router. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a9112e46-cd3e-5642-a23b-df8b816f252e",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.5 of @angular/router. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e17e8da-921a-5c40-9eb6-70dab5cce322",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.5 of @angular/router. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f3f47d43-9923-5e6c-be32-7449abf4c6e2",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:00b73976-bf08-55dc-be58-36d414ac2cc2",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 9.1.13-tuxcare.5 of @angular/router."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/router@9.1.13-tuxcare.5"
    }
  ]
}