{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f428ffcc-6312-5bff-bdad-88cd5a3943f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40storybook/cli@7.0.7", "type": "library", "name": "@storybook/cli", "version": "7.0.7", "purl": "pkg:npm/%40storybook/cli@7.0.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e49e7150-ac46-5c22-bc5e-2e676dc8001c", "id": "CVE-2022-25883", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25883 affects version 7.0.7 of @storybook/cli." }, "affects": [ { "ref": "pkg:npm/%40storybook/cli@7.0.7" } ] }, { "bom-ref": "urn:uuid:c5c6f6ed-fe28-5627-ad5b-028963cef5e5", "id": "CVE-2023-45133", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-45133 affects version 7.0.7 of @storybook/cli." }, "affects": [ { "ref": "pkg:npm/%40storybook/cli@7.0.7" } ] }, { "bom-ref": "urn:uuid:b83dde0b-22bd-5d2e-ab67-d593f58f9af9", "id": "CVE-2025-68429", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68429 affects version 7.0.7 of @storybook/cli." }, "affects": [ { "ref": "pkg:npm/%40storybook/cli@7.0.7" } ] }, { "bom-ref": "urn:uuid:d1608288-c9a4-5074-926b-e657f902a8d3", "id": "CVE-2026-49356", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-49356 does not affect version 7.0.7 of @storybook/cli. not_affected \u2014 CVE-2026-49356 affects @babel/core's source map reading implementation, which is not present in the Storybook repository. Storybook declares @babel/core as a peer dependency but does not vendor or bundle its source code. The vulnerable code path (processing #sourceMappingURL comments and reading arbitrary source map files) does not exist in Storybook's codebase." }, "affects": [ { "ref": "pkg:npm/%40storybook/cli@7.0.7" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40storybook/cli@7.0.7" } ] }