{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d3951de3-49e3-59bc-9868-2fc57181e34d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/protobufjs@5.0.0", "type": "library", "name": "protobufjs", "version": "5.0.0", "purl": "pkg:npm/protobufjs@5.0.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3c949ed4-f3dd-5714-990a-6b02339b7e7e", "id": "CVE-2018-3738", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-3738 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:038049c6-1ea6-54d2-b760-4d7606d66e19", "id": "CVE-2026-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41242 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:325d0c67-38ef-5572-a44a-e7827311f64d", "id": "CVE-2026-44288", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44288 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:6cc79ae8-727f-58a4-a8de-a84c60117afd", "id": "CVE-2026-44289", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44289 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:7292228e-c4df-52ad-bba3-e9495be362f2", "id": "CVE-2026-44290", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44290 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:3e222ede-1dc2-5e36-be1f-bbe1146fef41", "id": "CVE-2026-44291", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44291 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:e63c87eb-0b20-5183-b168-cae98e1675b4", "id": "CVE-2026-44292", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44292 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:bfdf29ef-303d-5249-b810-908c334999bf", "id": "CVE-2026-44293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44293 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:040fd5ef-0d2a-5f42-b39c-2584750f1752", "id": "CVE-2026-44294", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44294 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:090230fc-849b-55a0-bb50-44144169769f", "id": "CVE-2026-45740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45740 affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:0021915a-d1aa-5bf7-8644-b779b91c2a83", "id": "GHSA-4gpv-cvmq-6526", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-4gpv-cvmq-6526 is a false positive for protobufjs 5.0.0." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }, { "bom-ref": "urn:uuid:dac932e0-922b-5492-932a-d60bdd5d78db", "id": "GHSA-xq3m-2v4x-88gg", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xq3m-2v4x-88gg affects version 5.0.0 of protobufjs." }, "affects": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/protobufjs@5.0.0" } ] }