{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3f7015b9-4f3a-502c-914c-182eaf170646", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/jsonwebtoken@7.1.6", "type": "library", "name": "jsonwebtoken", "version": "7.1.6", "purl": "pkg:npm/jsonwebtoken@7.1.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e6a60448-80e0-5152-bf2d-2070ac4fcaac", "id": "CVE-2017-20162", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-20162 affects version 7.1.6 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] }, { "bom-ref": "urn:uuid:11298c66-0391-52ca-b74a-68d657c59e16", "id": "CVE-2022-23529", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2022-23529 is a false positive for jsonwebtoken 7.1.6." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] }, { "bom-ref": "urn:uuid:aed74bdf-39aa-53ba-96a4-528609b64f25", "id": "CVE-2022-23539", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23539 affects version 7.1.6 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] }, { "bom-ref": "urn:uuid:c34546ea-8e25-5768-9f44-61e5bdfd1efa", "id": "CVE-2022-23540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23540 affects version 7.1.6 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] }, { "bom-ref": "urn:uuid:3d99648d-0f57-5031-8812-3d27058062d8", "id": "CVE-2022-23541", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23541 affects version 7.1.6 of jsonwebtoken." }, "affects": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] } ], "dependencies": [ { "ref": "pkg:npm/jsonwebtoken@7.1.6" } ] }