{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:20e4a417-8e68-5136-8411-f8d3d9aa895e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/axios@0.15.3-tuxcare.2", "type": "library", "name": "axios", "version": "0.15.3-tuxcare.2", "purl": "pkg:npm/axios@0.15.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60ae4bf4-23b4-5153-83aa-32a2a10622f3", "id": "CVE-2019-10742", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-10742 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d9309c2-e870-5988-84b3-00bf7f339726", "id": "CVE-2020-28168", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-28168 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf276cef-3b43-56c4-a5ac-dd7d87d69a70", "id": "CVE-2021-3749", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-3749 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dfccaf4-0245-5397-8884-b85098208bec", "id": "CVE-2023-45857", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-45857 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:708e6031-a80a-5d19-a432-a659be146279", "id": "CVE-2024-39338", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-39338 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d34a65b5-a064-593b-81c3-a692f77dfcb1", "id": "CVE-2025-27152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-27152 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8af26a1-adff-568b-800b-3332c144b7a0", "id": "CVE-2025-62718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62718 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea8cd500-37a2-520d-b2b6-a60a8352740f", "id": "CVE-2026-25639", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25639 is fixed in version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb300303-bcf6-5513-bfcd-0bb67cd9901f", "id": "CVE-2026-40175", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40175 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd300891-74b3-5998-936f-4bd4c064fdd3", "id": "CVE-2026-42033", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42033 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75ec5882-5b53-5ce4-9b7d-a2fcd8cc8eaf", "id": "CVE-2026-42034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42034 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a10be21b-231d-5243-a0b6-bb72d48bf5a8", "id": "CVE-2026-42035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42035 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d4018a8-7dbd-51e2-abd1-101eab5460cb", "id": "CVE-2026-42036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42036 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64c88ca7-33ce-51ec-95b0-19e6a71aac19", "id": "CVE-2026-42038", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42038 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f001c9a4-829b-5f72-bb25-f27cfdb8658a", "id": "CVE-2026-42039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42039 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bafcf5d6-cfab-58b1-991c-30dbb6933bcc", "id": "CVE-2026-42040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42040 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9a66130-3e64-5113-ac80-9ad25faa2ee3", "id": "CVE-2026-42041", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42041 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51703c0f-d26c-5ab7-9c10-a6fec3d1cae8", "id": "CVE-2026-42042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42042 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3040a09f-c167-5ec3-bfd2-7360105db82e", "id": "CVE-2026-42043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42043 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef5f7ee0-1fcd-5f28-8830-e4748c28465f", "id": "CVE-2026-44486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44486 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5e14491-0805-59c4-84ef-c25929970c11", "id": "CVE-2026-44487", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-44487 does not affect version 0.15.3-tuxcare.2 of axios. not_affected \u2014 Axios version 0.15.3 is not affected by CVE-2026-44487. The vulnerability requires dynamic proxy re-resolution on redirect (a feature introduced in axios 0.27.2), which is absent from version 0.15.3. In this version, all redirects unconditionally reuse the same proxy configuration as the initial request, preventing the proxy credential leak scenario described in the CVE." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96af4d70-0929-5671-8efc-a7785ce33b9d", "id": "CVE-2026-44490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44490 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae2b5fb0-e3d1-5490-802e-01967c57b642", "id": "CVE-2026-44492", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-44492 does not affect version 0.15.3-tuxcare.2 of axios. not_affected \u2014 Target version 0.15.3-tuxcare.3 is NOT AFFECTED by CVE-2026-44492. The vulnerability requires the NO_PROXY environment variable mechanism to exist, which was not introduced until version 0.19.1 (commit 38de252, August 2018). The target version predates this feature entirely." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcb00031-5d47-5d09-af3d-55d61fe72f49", "id": "CVE-2026-44496", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44496 affects version 0.15.3-tuxcare.2 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/axios@0.15.3-tuxcare.2" } ] }