{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:75b9c771-b82e-5595-9eb0-246601cf5708", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/minimatch@0.2.5", "type": "library", "name": "minimatch", "version": "0.2.5", "purl": "pkg:npm/minimatch@0.2.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5aab5568-6db6-58ea-9a7e-a923ab19d493", "id": "CVE-2016-10540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-10540 affects version 0.2.5 of minimatch." }, "affects": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] }, { "bom-ref": "urn:uuid:6c00e99d-a2c8-5eca-afa3-3a7b886a791d", "id": "CVE-2022-3517", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-3517 affects version 0.2.5 of minimatch." }, "affects": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] }, { "bom-ref": "urn:uuid:492be4e7-19a3-507f-b0ce-5eca29690027", "id": "CVE-2026-26996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-26996 affects version 0.2.5 of minimatch." }, "affects": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] }, { "bom-ref": "urn:uuid:3eab8dc4-c8cd-5c62-b53b-1f85b8748782", "id": "CVE-2026-27903", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27903 affects version 0.2.5 of minimatch." }, "affects": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] }, { "bom-ref": "urn:uuid:990d34a3-d027-5b0a-8e6d-0fde47e570dc", "id": "CVE-2026-27904", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27904 affects version 0.2.5 of minimatch." }, "affects": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] } ], "dependencies": [ { "ref": "pkg:npm/minimatch@0.2.5" } ] }