{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60eb7e19-2e59-53fa-9d1d-24380c026f37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@2.4.3-tuxcare.1", "type": "library", "name": "dompurify", "version": "2.4.3-tuxcare.1", "purl": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f01bf747-c646-579b-b3d3-0a2069fd33aa", "id": "CVE-2023-26136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-26136 is fixed in version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a325db9b-fec4-5503-92b9-5372c3147765", "id": "CVE-2024-45801", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-45801 is fixed in version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53e96e5a-11a4-52c5-86b3-f145285d7e54", "id": "CVE-2024-47875", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-47875 is fixed in version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b7fb80e-3b17-5b4c-bf28-a3197a3d01f1", "id": "CVE-2025-26791", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-26791 is fixed in version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31724ea6-4adf-54d1-9256-88ec3c239715", "id": "CVE-2026-0540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0540 affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:773618a7-fe15-520c-8da9-5b3972d11c74", "id": "CVE-2026-41239", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41239 affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79015031-9b89-5c7a-b021-971756fe7e7e", "id": "CVE-2026-41240", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41240 affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f9c7d55-067c-5fd3-9a1d-1ccff32f8439", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-39q2-94rc-95cp affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9a7bc98-e017-552a-a755-7292990860a7", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ec37a10-f141-5a61-8ec6-55de50efdc2c", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91c529f1-71d9-5150-bff1-80a6c317aad6", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 affects version 2.4.3-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@2.4.3-tuxcare.1" } ] }