{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e15becc4-3d7b-5d37-ba7a-5eb5057b393c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/lodash@3.10.1-tuxcare.2", "type": "library", "name": "lodash", "version": "3.10.1-tuxcare.2", "purl": "pkg:npm/lodash@3.10.1-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6510b7c8-c439-5ded-9e8d-cb03119e3d0a", "id": "CVE-2018-16487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-16487 is fixed in version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb065edd-d109-5fc6-bf96-c6545ad0a79a", "id": "CVE-2018-3721", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3721 is fixed in version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5946011b-ee3e-5c07-906e-9e2eed5fae63", "id": "CVE-2019-1010266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-1010266 affects version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dae8244-2e80-518d-81e7-2694fdbe6cc0", "id": "CVE-2019-10744", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-10744 is fixed in version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acf749f4-3a02-554b-89da-97489d80f2fd", "id": "CVE-2020-28500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28500 affects version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38dd0c96-7dd0-57e4-b040-5405f9be6871", "id": "CVE-2020-8203", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-8203 is fixed in version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a3530e8-bf82-53b9-9120-975cffa183db", "id": "CVE-2021-23337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-23337 is fixed in version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca3e6cee-5a5f-566a-8cd3-0b90b7b4a5ce", "id": "CVE-2025-13465", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13465 affects version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0a85ec6-040f-5cb4-8ef7-cf97e5653c47", "id": "CVE-2026-2950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2950 affects version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1791a7a-fd18-53e7-b9ae-1edea129b225", "id": "CVE-2026-4800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4800 affects version 3.10.1-tuxcare.2 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/lodash@3.10.1-tuxcare.2" } ] }