{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:315df412-19bc-5cb0-8dbb-fd90b103e8d5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1", "type": "library", "name": "@angular/upgrade", "version": "17.1.0-tuxcare.1", "purl": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f0cb3c14-fdf3-5194-82cb-9e162a54fad4", "id": "CVE-2017-16009", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-16009 is fixed in version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36c29b50-0899-5ea7-ab15-850d919bdbef", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3ca447b-64d5-5cd9-b36c-7cf0288f1c88", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dae00d4-30cf-5a3b-b29e-1b25d16fff5d", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bc038f8-6b1b-54c1-86d2-b4eceadfd796", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d32bcff-ce5d-56ce-a811-e602f6416878", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c2980a7-5933-5fe6-a007-76c2fbcd05af", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:640450f4-be25-58aa-a917-0b82c0767071", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b88ce76-6e27-56ba-8b09-d2b6ccea588d", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:380e375f-3dc4-5ec7-94e0-98567ddb8513", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd8e4ffb-26a8-51bb-aace-b023cf640a99", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d3dd92f-21ec-560f-bf02-5869182d80f0", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94eedb27-d8a4-5576-8b97-6a0808e8065f", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22f58129-6003-5d40-938b-6d5455142d89", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91d57863-1f1d-5f7b-a8ac-78733b003152", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:077c4bc6-1b52-5389-968e-00180c088ea3", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:424b8390-0ad9-556e-9640-df5c50b69190", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1e79be6-6e0f-52df-89c8-1cb5323dc2d9", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db98f59e-10f0-5480-a2f7-53bd02185210", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc63108a-7141-5cfe-81e8-cdda4d3e795c", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0-tuxcare.1 of @angular/upgrade. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3d7dab2-f8cd-5853-8cbe-eadafa811da1", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a9961e9-9fc9-5889-b8f2-2edb815b29c3", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3eaba06-0918-5c1f-8b28-fc8eca97b470", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0-tuxcare.1 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0-tuxcare.1" } ] }