{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d33b786c-1211-5d8b-9536-d9b430d26611", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/lodash@3.10.1", "type": "library", "name": "lodash", "version": "3.10.1", "purl": "pkg:npm/lodash@3.10.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:63546b27-ddaf-57f1-9e5a-00dc19f08198", "id": "CVE-2019-1010266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-1010266 affects version 3.10.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1" } ] }, { "bom-ref": "urn:uuid:5808ff6d-a89e-5904-8053-30c56748f07d", "id": "CVE-2020-28500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28500 affects version 3.10.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1" } ] }, { "bom-ref": "urn:uuid:bd769ef8-59c4-56f5-9caf-9424d7f56167", "id": "CVE-2025-13465", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13465 affects version 3.10.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1" } ] }, { "bom-ref": "urn:uuid:3cfd1406-95ab-5164-8d9f-b5c9b9216f71", "id": "CVE-2026-2950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2950 affects version 3.10.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1" } ] }, { "bom-ref": "urn:uuid:b1467617-cc84-50d0-98fd-4740811bcb01", "id": "CVE-2026-4800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4800 affects version 3.10.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@3.10.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/lodash@3.10.1" } ] }