{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7b3d7308-7940-5d02-bc65-b157be5d3c5e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/socket.io@2.1.1", "type": "library", "name": "socket.io", "version": "2.1.1", "purl": "pkg:npm/socket.io@2.1.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4919560f-4a27-5b3e-97a2-ab456895ce18", "id": "CVE-2020-28502", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28502 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:e1e34f8e-5e0e-53ae-b8b5-7ca20d620d43", "id": "CVE-2020-36048", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-36048 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:80ec51ac-c230-51ab-8ebd-ef72c5b80a85", "id": "CVE-2020-36049", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-36049 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:4d0ba99e-865c-565b-873d-cdd27d38a1c0", "id": "CVE-2021-31597", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-31597 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:08af8b2e-83de-54d5-ae98-d6f8422754db", "id": "CVE-2022-2421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-2421 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:eb728fe9-893d-57d4-84c1-b71534f2e298", "id": "CVE-2022-41940", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41940 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:68341004-b264-548b-8e8a-2eed5e98489c", "id": "CVE-2023-32695", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-32695 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:9dc6b1a8-a7d9-5144-9942-c48d9f4e529c", "id": "CVE-2024-36751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-36751 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:1136935f-4959-533c-80f7-eae6e832ba60", "id": "CVE-2024-37890", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-37890 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:b3787a14-009c-5d33-9f69-fd3747bc0b2a", "id": "CVE-2024-38355", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38355 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:5f50d857-cc00-5ef5-b7a6-d7f7c019cfc9", "id": "CVE-2024-47764", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47764 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }, { "bom-ref": "urn:uuid:de171665-5bdc-5586-adcf-c406ec31541c", "id": "CVE-2026-33151", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33151 affects version 2.1.1 of socket.io." }, "affects": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/socket.io@2.1.1" } ] }