{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7caf1a4b-3d2b-51c6-af31-fd5c061fe570", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/upgrade@17.1.0", "type": "library", "name": "@angular/upgrade", "version": "17.1.0", "purl": "pkg:npm/%40angular/upgrade@17.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:564653f2-aa23-5504-a068-e7cb27ae7078", "id": "CVE-2025-59052", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59052 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:3d2a480d-8ac7-5faf-a56b-7d42d510db27", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:e9f280f6-f164-5651-b742-5d454a016274", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:ac0791d7-6bf1-573e-a962-140cbc110896", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:51205545-0057-5a8e-8f3c-fcc4f7b90907", "id": "CVE-2026-32635", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32635 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:d14f8b79-f7bd-5a62-bbbd-94f0780b5680", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:17ccae5a-5303-587a-b052-d4bbb3b4da0f", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:498455a5-7480-5393-a0fa-d2e6130b2b9d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:de687713-c7a2-570b-965b-98e6b4c29442", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:32614490-9d19-5dcc-8a4b-bc446a879723", "id": "CVE-2026-50170", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50170 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:3eb3f98e-ec3e-5bcc-a213-a0dd2b0c5f2a", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:fccbf659-0177-501e-b9eb-42b124b9c8ab", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:418e9442-a6f9-5448-92c9-b100bd5037b3", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:60f37288-a0da-58e2-a49e-125feb9f72cd", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:c7aa8338-ca91-5835-9652-7e53452e3349", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:914e62fa-d710-5f42-9c18-8880999a9680", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:558bf85d-cd35-5591-8d2e-371413c645a7", "id": "CVE-2026-54264", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54264 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:d518e3fe-2d4d-51f3-b58c-6c8025592fcc", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 17.1.0 of @angular/upgrade. not_affected \u2014 Angular v17.1.0 does not have the TwoWayProperty IR operation that is the subject of CVE-2026-54265. Two-way bindings are desugared into separate property and event bindings before template pipeline processing, with the property half using the same parsePropertyBinding() code path as one-way property bindings, which are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:fa798ef2-3c39-555b-a3e6-c08a5fd3eec7", "id": "CVE-2026-54266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54266 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:dc3cbcf6-acd1-5436-85ed-5eac73feb7c7", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }, { "bom-ref": "urn:uuid:91a3c09a-a8af-5adf-b7ee-73cb4248a900", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 17.1.0 of @angular/upgrade." }, "affects": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/upgrade@17.1.0" } ] }