{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:df0d1c9f-7db3-5d73-a5c4-c029a83b92b1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/tar@2.2.2-tuxcare.1", "type": "library", "name": "tar", "version": "2.2.2-tuxcare.1", "purl": "pkg:npm/tar@2.2.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:56e49ae5-feae-56ec-b5e8-d868770bebdd", "id": "CVE-2016-1000232", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000232 affects version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6038249b-e990-5051-9140-72dad6f65e89", "id": "CVE-2017-15010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-15010 affects version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39cb33e4-f200-54c1-bbdf-abb3a74294fe", "id": "CVE-2021-32804", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-32804 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a52f3020-8a67-5a9a-9b92-c95500a9ee0f", "id": "CVE-2021-37713", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37713 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b72780fa-6489-5d30-bec2-c5d85fb885a0", "id": "CVE-2023-26136", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-26136 affects version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efc1b14e-c8d4-5b72-b4c6-b38794180b7d", "id": "CVE-2024-28863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-28863 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dcad791-ac3b-5e67-877a-069de756e724", "id": "CVE-2026-23745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-23745 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8b3289b-1079-58db-8da2-0b02d54d691f", "id": "CVE-2026-23950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-23950 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7c239f3-0d43-5473-a827-9f65a2e42db2", "id": "CVE-2026-24842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24842 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb9c3beb-2f80-5435-a830-a616164f0b20", "id": "CVE-2026-26960", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-26960 is fixed in version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:696ecc5d-071c-5317-9da4-98abe45a10f2", "id": "CVE-2026-29786", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29786 affects version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f49a0f0e-bdad-57fb-bf1c-1e913566b4ed", "id": "CVE-2026-31802", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31802 affects version 2.2.2-tuxcare.1 of tar." }, "affects": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/tar@2.2.2-tuxcare.1" } ] }