{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:9caac9ea-8eb5-52cb-bb73-e7f21c2ff657",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1",
      "type": "library",
      "name": "@angular/service-worker",
      "version": "14.2.12-tuxcare.1",
      "purl": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:d20fb1fe-1072-5c8c-baf5-524c47e930cb",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66035 is fixed in version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8781efa4-61af-52d3-b738-3679c3f85021",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66412 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:90f4e9b3-1831-55e4-9a13-f4edb4914ae5",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22610 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9f143e88-9411-545f-b180-85f17441117b",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-27970 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:adaaa6fb-cca6-5725-9529-74b697126f60",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41423 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:52dfae3c-bcbd-5ea5-8402-ce0c99ed9d46",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:103e353f-e6ed-5153-a176-5bb84f15dc74",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e8522bc3-b575-5f20-b54e-d380c7f09b93",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c40f5318-bc32-5315-a443-81521ee941f2",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 14.2.12-tuxcare.1 of @angular/service-worker. not_affected \u2014 Angular v14.2.12-tuxcare.1 is not affected by CVE-2026-50170. The HTTP TransferCache feature and client hydration mechanism that contain the vulnerability were introduced in Angular v16+. This version predates that feature introduction and does not have the vulnerable code path."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d4161e06-a46c-5a12-a3e5-a53831bd1533",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d323bcf-c73c-5868-b684-17bc97f78a2f",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cf0e9fe6-e741-584b-9967-cb93395a6174",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:33cbecf3-b5a5-5365-af95-abd0f564cc0d",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3edf4d62-52c1-5abc-acad-c1141db352f2",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba81e8ac-d01a-598f-9112-6e45be0efaa5",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:72060e3f-5862-51a7-b76c-45ed3f8cd461",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54264 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc9f6e11-b5be-5062-9548-b84311921e47",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 14.2.12-tuxcare.1 of @angular/service-worker. not_affected \u2014 Angular 14.2.12-tuxcare.1 is not affected by CVE-2026-54265. This version uses the pre-pipeline compiler architecture where two-way bindings are desugared into separate property and event bindings, both of which go through proper sanitization. The vulnerability only exists in Angular 17.3.0+ where the template pipeline with TwoWayProperty IR operation was introduced."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0a0eb3e8-7cea-590a-95b2-554e2d31a37a",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 14.2.12-tuxcare.1 of @angular/service-worker. not_affected \u2014 Angular 14.2.12 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature does not exist in this version - it was introduced in Angular v16+. The target has no code path that generates cache keys from HTTP request parameters, and therefore cannot experience cache key collisions."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:70f1837d-5e5e-5077-add9-19f20cf2b647",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:90c23b96-85fb-51d1-8d0f-bcb659e5dcf0",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 14.2.12-tuxcare.1 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/service-worker@14.2.12-tuxcare.1"
    }
  ]
}