{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:badf413e-1802-59de-b1bd-0025ea46fd54", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/service-worker@17.1.0", "type": "library", "name": "@angular/service-worker", "version": "17.1.0", "purl": "pkg:npm/%40angular/service-worker@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:467ea3d4-edf7-5648-beeb-c1547d172871", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:bea9dfba-31a3-5cba-addc-bf0845ba4190", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:049dd855-0737-5e1c-bffc-0418cbbde142", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:4230332a-8a1d-5ef0-b794-2d892e50c62b", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:e54b9b1c-f551-548e-bac5-d5d2686bc0e3", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:efd27c4c-3c40-5ee5-9252-aed29b3e3027", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:3091d286-561c-501f-afec-8fff712920d1", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:bb2e5130-b134-5808-b2f2-ff6ebf11c78f", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:9169fed4-6a3e-5e3e-9378-dc98c09dacef", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:da75e183-89de-5109-b7e7-8cb8d987a055", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:8ca4627b-9be4-5208-b6ed-7988af47a88c", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:8237440d-cab5-5b91-863d-b0a2210fbede", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:c5115972-d124-5d69-99e7-63ef231b6109", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:53795c2f-d1b4-52f0-875e-e78c4f092988", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:dbea90b4-17e8-5179-b8c4-f46bad079e37", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:ad6e605e-f4ba-5a93-a726-2b041bf5be4a", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:bb9a3c58-6e70-5c2e-a432-50c32972ce34", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:d9f934d7-91c2-582a-8a78-636cdd088fef", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/service-worker. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:15e7d7dd-fcc1-55fe-b844-e811509e63bb", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:f027d07c-2721-54b9-b023-301683063e1e", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }, { "bom-ref": "urn:uuid:3f488192-51cc-5819-a62e-deed64373a37", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/service-worker." }, "affects": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/service-worker@17.1.0" } ] }