{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2d9c3f6b-796c-5d1e-9fb3-2bf45318a0ff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/express@3.21.2", "type": "library", "name": "express", "version": "3.21.2", "purl": "pkg:npm/express@3.21.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43c18857-9911-54c3-b768-200d6de61367", "id": "CVE-2016-10539", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-10539 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:1568f203-3e3e-5930-8e59-e3293a6443b8", "id": "CVE-2017-1000048", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-1000048 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:6b25081f-5aea-5beb-994d-5bde5e303a10", "id": "CVE-2017-16119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16119 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:c06e8239-5a8b-5cdd-a1dd-c08589b03b65", "id": "CVE-2017-16137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16137 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:a00f6bb9-ffbd-5f37-9dc4-d2f20062eac3", "id": "CVE-2017-20162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20162 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:5179f5b7-474d-57f6-a768-860a7aa528c7", "id": "CVE-2017-20165", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20165 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:3240ff1e-b862-513c-88a3-968569d14d45", "id": "CVE-2019-5413", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-5413 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:a103f559-ed3f-5b36-bff2-b59ed3889883", "id": "CVE-2020-7598", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-7598 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:850a1e7c-7e9e-5490-85d9-94f37ffacf21", "id": "CVE-2021-44906", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-44906 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:ccecc299-df13-53ba-9389-b885c5d84636", "id": "CVE-2022-24999", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24999 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:f5d23476-6d1f-57e4-b121-34c23b896c4d", "id": "CVE-2024-43799", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43799 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:887ec21d-9ac3-5b90-8aa2-497e4340f953", "id": "CVE-2024-43800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43800 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:8f7721c4-b58d-5509-b9f8-2107a899e173", "id": "CVE-2024-45590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45590 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:5f18e36f-2325-5e4b-9d37-8512708bef6f", "id": "CVE-2024-47178", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47178 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:661d5436-80a8-57a7-87ea-10508a249d07", "id": "CVE-2024-47764", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47764 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:a58bcc21-5058-5f59-ad8d-12563ab34d5d", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:56b47287-2a78-55ad-8bc4-698e3196b200", "id": "CVE-2025-7339", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-7339 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:563c6308-687a-56a4-9018-2905d8905b2e", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:d8155ead-5f69-5bb4-b357-3934688c75e9", "id": "CVE-2026-8159", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8159 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:f16abdb7-1028-537d-943c-f0a7dcbc425d", "id": "CVE-2026-8161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8161 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:45fee4a4-fe76-5ec9-96a3-2bd1444714f2", "id": "CVE-2026-8162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8162 affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:7534e322-055e-5abe-989f-b2ae78335eab", "id": "GHSA-7fhm-mqm4-2wp7", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-7fhm-mqm4-2wp7 is a false positive for express 3.21.2." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] }, { "bom-ref": "urn:uuid:515602b4-db33-51d5-84c9-7b64fd2aff19", "id": "GHSA-j4mr-9xw3-c9jx", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-j4mr-9xw3-c9jx affects version 3.21.2 of express." }, "affects": [ { "ref": "pkg:npm/express@3.21.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/express@3.21.2" } ] }