{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:ff821cf5-3633-550e-b137-40971b4f717f",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/svelte@4.2.20-tuxcare.1",
      "type": "library",
      "name": "svelte",
      "version": "4.2.20-tuxcare.1",
      "purl": "pkg:npm/svelte@4.2.20-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:7a021fcc-331c-5b5e-8d14-aae9957d0a6b",
      "id": "CVE-2025-15265",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15265 affects version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c956635c-c479-57fc-ab68-35f8cd8b2aa2",
      "id": "CVE-2026-27121",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27121 is fixed in version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7f779bd0-ab5a-5f2e-8369-2a8dd8c5f3c3",
      "id": "CVE-2026-27122",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27122 is fixed in version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f44b425d-29b3-5c25-98a3-0d976cb0e79a",
      "id": "CVE-2026-27125",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27125 is fixed in version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:77f42f20-c293-5680-bcf8-d4700fd4e3f7",
      "id": "CVE-2026-27901",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27901 is fixed in version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:31cf1f41-b1f2-5c13-8f5c-38089a1fd50c",
      "id": "CVE-2026-42567",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42567 affects version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6df09923-f230-5955-834b-ca1df5e1bddd",
      "id": "CVE-2026-42573",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42573 affects version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:297598cc-9030-5312-84df-c5ea0ee3dfef",
      "id": "CVE-2026-42599",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42599 affects version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:63d906c5-69fe-55ea-bf7a-d4f7f7680a83",
      "id": "GHSA-f3cj-j4f6-wq85",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-f3cj-j4f6-wq85 affects version 4.2.20-tuxcare.1 of svelte."
      },
      "affects": [
        {
          "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/svelte@4.2.20-tuxcare.1"
    }
  ]
}