{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:90919538-352a-512f-96b9-8b33a835a37e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@3.1.6-tuxcare.1", "type": "library", "name": "dompurify", "version": "3.1.6-tuxcare.1", "purl": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7be1deb4-35a9-59ce-a1f3-2d5dd8d51e79", "id": "CVE-2025-15599", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15599 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18cb12f2-ecb4-56bc-8f41-cf771dd76cc8", "id": "CVE-2025-26791", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-26791 is fixed in version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3117c4a-b55a-5b01-8fc3-0dc09bc42e6f", "id": "CVE-2026-0540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0540 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d535cb3d-8beb-556a-9fa4-c065d18c7ade", "id": "CVE-2026-41238", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41238 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aea1d4d6-96c9-5f57-9bd3-f04e25fd6ead", "id": "CVE-2026-41239", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41239 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e974d3c-4486-5fdd-8944-923ef68922a3", "id": "CVE-2026-41240", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41240 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63e6112a-b5e8-5362-9f67-83f279c8f7a0", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-39q2-94rc-95cp affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6946a5c5-f7e8-5495-b244-3d980e8c2762", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f08c7010-33b8-526a-9bce-e7beb88104ba", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3f10ca0-8b60-53c6-aa64-43f7b5fc7517", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 affects version 3.1.6-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.1" } ] }