{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:96aa6aee-3f50-57ba-b9fd-e9cc72627375", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/tar@2.2.1-tuxcare.1", "type": "library", "name": "tar", "version": "2.2.1-tuxcare.1", "purl": "pkg:npm/tar@2.2.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a780e763-1141-5f22-9d67-725ceb49a90c", "id": "CVE-2018-20834", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-20834 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:293cf8c9-4afd-5b29-9783-2bd13689f68f", "id": "CVE-2020-26311", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-26311 is fixed in version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6b1cfe1-12c9-5136-aa19-3694f96b19a7", "id": "CVE-2021-32804", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-32804 is fixed in version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6a4b49c-da67-586b-887e-0b8f0b5dd9b4", "id": "CVE-2021-37713", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37713 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9a4b706-ed0d-5d9e-834b-3edaeaf30f3f", "id": "CVE-2026-23745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-23745 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb605347-e023-5e30-a9b3-3f65528c6390", "id": "CVE-2026-23950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-23950 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b501a737-4c69-578b-bc81-1a42079393cb", "id": "CVE-2026-24842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24842 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55b05d01-cdf1-5523-bb67-b9b84c03830e", "id": "CVE-2026-26960", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-26960 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc57b380-2fe1-51ce-a2bb-1c6402a3787a", "id": "CVE-2026-29786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29786 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0278e87b-c83f-5c2f-9a65-e1175aa18cab", "id": "CVE-2026-31802", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31802 affects version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc886e2a-7917-51c4-af05-d9814a1be844", "id": "GHSA-v2p6-4mp7-3r9v", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-v2p6-4mp7-3r9v is fixed in version 2.2.1-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/tar@2.2.1-tuxcare.1" } ] }