{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3468c0b7-183e-532a-804e-5ffbf6ffe58c",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2",
      "type": "library",
      "name": "@angular/service-worker",
      "version": "19.2.21-tuxcare.2",
      "purl": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:cc659238-1703-56ac-8bfd-2c38834a7775",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-27970 does not affect version 19.2.21-tuxcare.2 of @angular/service-worker. already_fixed \u2014 The target repository (Angular 19.2.21-tuxcare.4) already contains the fix for CVE-2026-27970. The vulnerability (XSS via unsanitized HTML attributes in ICU message translations) has been addressed by TuxCare in prior backports. The defense mechanism in packages/core/src/render3/i18n/i18n_parse.ts lines 829-843 implements the same attribute allowlist validation as the vendor patch, blocking URI..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ca712c67-d367-576f-8fbe-ede91682a9d7",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46417 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b738454c-2512-5224-8955-1b15584c44e8",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50168 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2b22484a-0f48-5904-bde9-7026e8fc7b9c",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50169 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ca3d97bb-b3e2-51f2-8cc9-fb69822ff30f",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50170 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3879dad3-5fc1-5b50-b2b1-8f9920c75552",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50171 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3991bdd7-e5f1-5b53-a3fe-9b0da949ad2a",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50184 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:642c0905-286b-5957-adc1-0b290c270b45",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50555 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6396a7d1-eb04-5f21-985a-55352d45f1e9",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50556 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ef1ae007-7a96-5d7f-abf4-e665088069df",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50557 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:65f22fd8-8659-5fa6-ae83-673ff2fc5ec2",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-52725 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:93e8a94f-32bd-5a8f-af2f-aed0294a8f60",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54264 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a7f3d953-67d0-569f-a46d-fe5d538c1fc2",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54265 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:baa2bd0e-5c47-5470-ab5a-fe2707704d9b",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54266 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2b6dd0d6-c4f2-56e2-8c61-b12f976ad988",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54267 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4d770e37-9989-5b84-8d62-abf050f71b30",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54268 affects version 19.2.21-tuxcare.2 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/service-worker@19.2.21-tuxcare.2"
    }
  ]
}