{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:56d17de6-e021-5469-bea7-42f9c339c5a9",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10",
      "type": "library",
      "name": "@angular/service-worker",
      "version": "9.1.13-tuxcare.10",
      "purl": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:136f97c5-9624-51c6-9ffc-b6f34eeecdc1",
      "id": "CVE-2021-4231",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:19e8755a-4895-51bb-b0e6-b30a4014bca0",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3e317f9c-bb55-59be-82c0-ec0c207c265c",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e868b7e-f6ec-59e6-b82b-8eb25879ef0a",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34cf70f8-26b8-572a-b39c-20a5cbb62d6d",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:acee87da-aad3-569e-84bc-f61534f9e576",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e152a995-a61d-51cf-8a6b-936a987e6fa1",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d60b1448-0c20-5acf-b18a-989753f2a5bc",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50168 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:59b32540-7f26-5439-b603-305488cc6d19",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50169 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aee2dbac-9195-5631-a1b1-f7c12bb88e0d",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.10 of @angular/service-worker. not_affected \u2014 Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:02adb38d-6776-5c03-bb7d-921800b3c61d",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50171 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8531d602-a47d-5089-877f-0ce7cb389169",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50184 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:94157348-181e-59fc-8940-09503f73ce43",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50555 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eaf4fc3b-f4e3-507b-9d9a-18a5ef81e55a",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50556 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c15b117a-9013-5c81-811e-248dc2d6b1ae",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50557 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9d35d009-8baf-57b3-a363-b6237f37fd61",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-52725 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86558a83-fba2-5e5e-9bea-bc942c4acfdc",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.10 of @angular/service-worker. not_affected \u2014 Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e09ef2a-c25e-5c4f-8565-75afa12e792f",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.10 of @angular/service-worker. not_affected \u2014 Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:139bd48f-c5f5-5e53-93ab-3f248edd11d8",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.10 of @angular/service-worker. not_affected \u2014 Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:902460e2-43c2-5176-ace4-098c20e65442",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54267 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:949c3369-5cce-507b-b89c-a0569b7d85ab",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54268 is fixed in version 9.1.13-tuxcare.10 of @angular/service-worker."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/service-worker@9.1.13-tuxcare.10"
    }
  ]
}