{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60d29760-825f-528a-8aae-91b12475bb49", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@2.4.0", "type": "library", "name": "dompurify", "version": "2.4.0", "purl": "pkg:npm/dompurify@2.4.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4cffd269-652a-5c79-9678-965cc87d3c06", "id": "CVE-2024-45801", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45801 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:100fdc26-7807-5553-aa15-5fb386af358c", "id": "CVE-2024-47875", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47875 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:18c00357-ace1-53e5-80c9-061a72a80c32", "id": "CVE-2024-48910", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-48910 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:0d3e7bd5-8123-5428-a855-4b555e1a58a8", "id": "CVE-2025-26791", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-26791 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:dd5ac8e1-ae22-53cc-8e11-cddae17360cd", "id": "CVE-2026-0540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0540 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:6b8ae9cf-d205-5a53-bc2b-8679e69ac1f3", "id": "CVE-2026-41239", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41239 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:3440adbc-3487-56d8-8777-5c335b66f30c", "id": "CVE-2026-41240", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41240 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:6a1640aa-6e27-5f34-b5a5-33bd8d085de2", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-39q2-94rc-95cp affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:d4cc22f1-a17a-5186-abd8-d8b7deb86253", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:a16158a8-8efd-515c-a95b-ff0d85433462", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }, { "bom-ref": "urn:uuid:ad5bebae-84f6-5955-9c94-82f526d92241", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 affects version 2.4.0 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@2.4.0" } ] }