{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4479bdb6-6de6-59d2-804a-caf4313ca6bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@3.0.3", "type": "library", "name": "dompurify", "version": "3.0.3", "purl": "pkg:npm/dompurify@3.0.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3b3e5d8b-cec3-5a87-8b0d-b5c012238d3f", "id": "CVE-2024-45801", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45801 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:bf063d79-e3bb-5bc8-8e6c-9de9efa74513", "id": "CVE-2024-47875", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47875 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:dfc694a7-4c70-5bc4-b9af-6133d0ca3d0b", "id": "CVE-2025-26791", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-26791 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:081ac18e-28be-593c-8399-b1e9b02bbac1", "id": "CVE-2026-0540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0540 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:464727a0-c17c-5b38-a82a-f2dae4765999", "id": "CVE-2026-41238", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41238 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:cb92d342-4400-5b14-b3a7-5d3fb8755092", "id": "CVE-2026-41239", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41239 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:d37da033-fc56-559b-8f64-4efb63404746", "id": "CVE-2026-41240", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41240 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:656211db-de83-55c4-93e0-a04eda721d01", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-39q2-94rc-95cp affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:c26716e7-4311-5030-80dc-a13f87d10d72", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:24ed9409-9e28-5b41-9612-62db42831a58", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }, { "bom-ref": "urn:uuid:4cb1ed49-be11-5958-9b75-3c9dad4decfa", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 affects version 3.0.3 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@3.0.3" } ] }