{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:323a5c9a-91da-54cc-b5cb-39657d5581bf", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/express@4.18.1", "type": "library", "name": "express", "version": "4.18.1", "purl": "pkg:npm/express@4.18.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:67216024-52af-5e7d-8c7d-3ded25e2f002", "id": "CVE-2024-29041", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29041 affects version 4.18.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1" } ] }, { "bom-ref": "urn:uuid:9fde267c-faaf-5eb8-80f3-59d80377860a", "id": "CVE-2024-43796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43796 affects version 4.18.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1" } ] }, { "bom-ref": "urn:uuid:edb855d3-2f7c-5fe3-85a5-bf43ae7f6c42", "id": "CVE-2024-45590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45590 affects version 4.18.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1" } ] }, { "bom-ref": "urn:uuid:3d566fdb-3cd9-5fbd-b0dd-4ede8dfa9c89", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 4.18.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1" } ] }, { "bom-ref": "urn:uuid:b66cfe15-89a9-500f-8422-99014a292f73", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 4.18.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/express@4.18.1" } ] }