{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d40614af-d20d-54e8-a6d7-402b8b42ad13", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/jpm@1.1.4", "type": "library", "name": "jpm", "version": "1.1.4", "purl": "pkg:npm/jpm@1.1.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:602188f4-49f0-5083-b495-23867154393c", "id": "CVE-2015-8855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-8855 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:40de0837-4671-595a-ba87-d481b5f8d730", "id": "CVE-2016-1000232", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000232 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:19529ad5-b7d4-5f7f-a849-9d23a29e39d5", "id": "CVE-2017-15010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15010 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:fb3cc4e9-2207-5ab6-893d-dec11d0ec11a", "id": "CVE-2017-20162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20162 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:fc4c8791-40dd-571d-b0ea-6617fd014d8b", "id": "CVE-2018-16487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-16487 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:2316927c-a921-5a37-b8c9-dbe452beaa2f", "id": "CVE-2018-3721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-3721 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:b8d24cff-9158-5b9c-adb0-544fcbdfe952", "id": "CVE-2019-1010266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-1010266 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:7df7861c-dbb1-5c1a-b3d7-4e78d92a924c", "id": "CVE-2019-10744", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-10744 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:fb51835b-9794-5a0f-b764-29d50b618a1e", "id": "CVE-2020-28500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28500 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:03d8f5b4-c5a5-5816-808f-5fb341296895", "id": "CVE-2020-8203", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-8203 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:c4294997-5ec5-5aa0-9527-04e4559eba91", "id": "CVE-2020-8244", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-8244 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:f5842c7e-0de7-50a3-98b2-8eb800e445c2", "id": "CVE-2021-23337", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-23337 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:674247dc-9ee7-5475-b103-a094aac96821", "id": "CVE-2021-23413", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-23413 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:8ba450fc-eff7-5269-a35a-6121062de1b7", "id": "CVE-2021-42740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42740 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:6a9c1f2f-4f59-542a-8a78-c27cb5c6b904", "id": "CVE-2022-23529", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-23529 is a false positive for jpm 1.1.4." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:08017942-ec26-5ad7-8e60-24e4accd042f", "id": "CVE-2022-23539", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23539 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:b5887914-9865-53b6-97a9-f9025fe24d9e", "id": "CVE-2022-23540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23540 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:ebfb982f-6400-5d5a-8246-8b5bbfb6331c", "id": "CVE-2022-23541", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23541 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:1c20de5e-897f-5571-88b5-709c5e4b22bf", "id": "CVE-2022-25883", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25883 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:db966739-4761-58d5-b610-2df234bd9495", "id": "CVE-2022-3517", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-3517 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:3cf0c704-d7fd-5955-894a-8e9307fe309a", "id": "CVE-2022-48285", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-48285 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:d532b534-6b40-5f0b-8e81-c8dc44adac1b", "id": "CVE-2023-0842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-0842 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:ec55dd26-fd23-53aa-bbee-e676ced3a0f1", "id": "CVE-2023-26136", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26136 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:efb136a7-7f2a-52f4-9c38-b229137c5f53", "id": "CVE-2023-28155", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-28155 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:eceed945-80a9-572a-9d25-86ab604df057", "id": "CVE-2025-13465", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13465 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:ea4a1818-a653-558f-9eaf-77c280874870", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:49c8b149-06d1-5657-b57e-eee47dfdb637", "id": "CVE-2025-54798", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-54798 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:a4124624-f128-5612-ac80-a2150bc60685", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:f1b4587a-4939-5971-8bc7-8701b3bc31de", "id": "CVE-2026-26996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-26996 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:e4847fb4-44b7-5ec2-aa3c-e3d044e37346", "id": "CVE-2026-27903", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27903 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:56a0cba3-d1ad-5d51-9f24-29721b3cbd37", "id": "CVE-2026-27904", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27904 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:f48da8a1-4df7-5c42-9b33-394c8f8f94c2", "id": "CVE-2026-2950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2950 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:d78e321d-1f1c-517d-b73e-623dba3cae62", "id": "CVE-2026-4800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4800 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:8f036dbc-4968-5812-9d3f-4af454889139", "id": "GHSA-28xh-wpgr-7fm8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-28xh-wpgr-7fm8 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:8b299131-2de2-5228-9a03-0dd2828b02fb", "id": "GHSA-2m96-9w4j-wgv7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-2m96-9w4j-wgv7 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:63bc4037-be1b-57f1-b3bf-4705e2fc0ac6", "id": "GHSA-73v8-v6g4-vrpm", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-73v8-v6g4-vrpm affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }, { "bom-ref": "urn:uuid:13c2c45c-6985-5e73-a5d4-6bacd16bd7b1", "id": "GHSA-h726-x36v-rx45", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-h726-x36v-rx45 affects version 1.1.4 of jpm." }, "affects": [ { "ref": "pkg:npm/jpm@1.1.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/jpm@1.1.4" } ] }