{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97f7739d-ae5a-51c8-b269-d7c943f03d33", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/jsonwebtoken@5.4.0", "type": "library", "name": "jsonwebtoken", "version": "5.4.0", "purl": "pkg:npm/jsonwebtoken@5.4.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7c432d13-7747-507a-b50e-0b62d73afee1", "id": "CVE-2017-20162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20162 affects version 5.4.0 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] }, { "bom-ref": "urn:uuid:916d534c-680d-5ffc-9111-358a649ef949", "id": "CVE-2022-23529", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-23529 is a false positive for jsonwebtoken 5.4.0." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] }, { "bom-ref": "urn:uuid:7afa1505-7d0a-5d89-8fc9-15a8f9a7c66b", "id": "CVE-2022-23539", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23539 affects version 5.4.0 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] }, { "bom-ref": "urn:uuid:2741df7d-c087-578d-84f5-aff6db58d0e0", "id": "CVE-2022-23540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23540 affects version 5.4.0 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] }, { "bom-ref": "urn:uuid:d2f5f138-e8d0-53d0-b73d-cab03ba1d0a7", "id": "CVE-2022-23541", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23541 affects version 5.4.0 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/jsonwebtoken@5.4.0" } ] }