Extract component map for vulnerability reports

What does this MR do and why?

Removes cyclic imports from vulnerability report frontend code because they are confusing and potentially dangerous (see also &1310)