{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a6f7303-0aba-587d-9579-770bff733171", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/lodash@2.4.2", "type": "library", "name": "lodash", "version": "2.4.2", "purl": "pkg:npm/lodash@2.4.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0e1e5425-7dd4-5494-840d-a7de17ac7201", "id": "CVE-2019-1010266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-1010266 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }, { "bom-ref": "urn:uuid:78ae44d5-a323-5147-a272-99948dc99ddd", "id": "CVE-2020-28500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28500 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }, { "bom-ref": "urn:uuid:7dc24c67-3144-57d6-96ad-9bbc22ea93c8", "id": "CVE-2020-8203", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-8203 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }, { "bom-ref": "urn:uuid:6e28f53e-d570-5f05-9002-a0c7a623dd8d", "id": "CVE-2025-13465", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13465 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }, { "bom-ref": "urn:uuid:eda23faf-e224-5c87-a6a2-189b0f221ed1", "id": "CVE-2026-2950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2950 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }, { "bom-ref": "urn:uuid:af12f4ac-dd2f-5495-98ba-f2529563220a", "id": "CVE-2026-4800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4800 affects version 2.4.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/lodash@2.4.2" } ] }