{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:88d38979-6653-53f9-8232-37037ea94199", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@3.1.6-tuxcare.2", "type": "library", "name": "dompurify", "version": "3.1.6-tuxcare.2", "purl": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6ff85224-1762-54d3-8f9c-0b109cce63f9", "id": "CVE-2025-15599", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-15599 is fixed in version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8c833ce-b137-59cb-92b9-6c7fa290deeb", "id": "CVE-2025-26791", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-26791 is fixed in version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7b7109d-a89c-51b9-a99a-52cbab353478", "id": "CVE-2026-0540", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-0540 is fixed in version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5d79a50-b801-5e25-af6b-bbdf06b0feeb", "id": "CVE-2026-41238", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41238 affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8a23445-3e01-596d-b952-8dfeddb868ee", "id": "CVE-2026-41239", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41239 affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e376581-dc58-5f02-acf1-a758a816bcf9", "id": "CVE-2026-41240", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41240 affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea7dd296-7cfc-5a61-b561-d544c70fedc1", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-39q2-94rc-95cp affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90236f08-125f-5ecf-ad3d-08a446d0fa7e", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78214812-d606-5348-9281-632da1f76aac", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r affects version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5aa17b3-e085-509a-b884-be6915a0aa52", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 is fixed in version 3.1.6-tuxcare.2 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@3.1.6-tuxcare.2" } ] }