{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a5fb089-46f9-59de-a4e0-386b9b6d8fde", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/express@3.4.8", "type": "library", "name": "express", "version": "3.4.8", "purl": "pkg:npm/express@3.4.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f37ac9b1-cbc3-5bea-a9eb-c5ec25856120", "id": "CVE-2014-6393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-6393 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:9bdc8327-424e-570e-ad58-fa742a2733b1", "id": "CVE-2014-6394", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-6394 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:6e71709a-00c4-5aea-a0f0-97fbd78fd997", "id": "CVE-2015-8859", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-8859 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:51f7f99e-042f-507d-9d94-4c09af1bc7ed", "id": "CVE-2016-1000236", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000236 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:b9eb5c6b-bf0f-507a-bf27-f9809272df1c", "id": "CVE-2016-10539", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-10539 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:48071f3a-e077-5739-8111-4d6cd77939a8", "id": "CVE-2017-16119", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16119 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:a05efc94-dc14-5b18-a033-43e45fb02b82", "id": "CVE-2017-16137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-16137 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:5da10c79-fa80-580a-bd05-5dda9c78960c", "id": "CVE-2017-20165", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20165 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:b0c07678-0033-5246-8394-3386fcdb15d4", "id": "CVE-2018-3717", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-3717 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:9119e87d-3dd0-5430-9b5d-e0c12d9bfae4", "id": "CVE-2024-10491", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-10491 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:4abd8460-f46f-5162-97e3-3a202128a5ce", "id": "CVE-2024-29041", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29041 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:72b56bcb-612e-51c4-8139-a85cad1489ee", "id": "CVE-2024-43796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43796 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:a2ddb08c-16fa-58e6-b741-28a4259083d3", "id": "CVE-2024-43799", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43799 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:88429036-58d2-51d6-99d5-ac5ac8b576c4", "id": "CVE-2024-47764", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47764 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:d208adaf-78c2-52ee-af52-090957633613", "id": "CVE-2024-9266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-9266 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:c0aa4b27-e81c-5953-86cb-30b7b220c4eb", "id": "CVE-2026-8159", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8159 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:8b2ef7cc-02d7-5fb9-becb-42d48ac35cb1", "id": "CVE-2026-8161", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8161 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] }, { "bom-ref": "urn:uuid:ce2dd05b-f7bc-51f7-9678-ab6c6eabc31d", "id": "CVE-2026-8162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8162 affects version 3.4.8 of express." }, "affects": [ { "ref": "pkg:npm/express@3.4.8" } ] } ], "dependencies": [ { "ref": "pkg:npm/express@3.4.8" } ] }