{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d6820b8c-a191-53da-9a25-6cecb950b4b5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/express@4.18.2", "type": "library", "name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe8072ae-c7cd-5f89-a4af-d2d89923682f", "id": "CVE-2024-29041", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29041 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:44307d4b-58e7-5513-93a7-c95804902093", "id": "CVE-2024-43796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43796 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:21a6769e-8996-57b3-98de-bd07b7692eb7", "id": "CVE-2024-43799", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43799 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:e07ee5f8-5e59-5076-800e-422ac48a7e80", "id": "CVE-2024-43800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-43800 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:0a3a8401-50b2-54cd-b2df-3765782131b0", "id": "CVE-2024-45296", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45296 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:ba53162b-90ac-5a8c-9841-28973ce79fb2", "id": "CVE-2024-45590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45590 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:efc4826d-f62e-5fc7-b77d-9d363b0b5d8a", "id": "CVE-2024-47764", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47764 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:8d405f06-cf91-5ad3-9398-6722d9ece838", "id": "CVE-2024-52798", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52798 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:21604e2a-adbc-55e9-a2ef-0cf25e552aec", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:ef197b45-4f88-54d7-bffb-cda8e8c6c0fc", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] }, { "bom-ref": "urn:uuid:e46c2050-ddc6-5b25-9128-ae33225033b7", "id": "CVE-2026-4867", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4867 affects version 4.18.2 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/express@4.18.2" } ] }