{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f7625899-e211-59b7-b34f-c728ecf08837", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/dompurify@2.4.7-tuxcare.1", "type": "library", "name": "dompurify", "version": "2.4.7-tuxcare.1", "purl": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ceaeaf5f-3063-54d1-a9ab-b68806f12fa3", "id": "CVE-2024-45801", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-45801 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bca71484-aff8-59e1-9eb4-237ef5396330", "id": "CVE-2024-47875", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-47875 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84553854-6c6b-5e26-a782-566667caf28c", "id": "CVE-2025-26791", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-26791 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bb5a6ad-3501-59c5-8e89-3193b8af748b", "id": "CVE-2026-0540", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0540 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a8363df-aaea-59dd-9de2-f12fc994d65c", "id": "CVE-2026-41239", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41239 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89f40bec-606d-5391-9317-e4f14fcf1589", "id": "CVE-2026-41240", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41240 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aadafbdb-be7e-5d6f-8ddc-fca7d1fbf648", "id": "CVE-2026-49458", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-49458 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eaea378a-97e2-58d9-b0e3-d18b835da993", "id": "CVE-2026-49459", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-49459 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:442ac92d-ed63-521d-b597-c8e125f29afd", "id": "CVE-2026-49978", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-49978 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86468b0c-6c30-5d85-a887-2db67480fb8e", "id": "GHSA-39q2-94rc-95cp", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-39q2-94rc-95cp is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa6f13c3-47b7-5752-be39-cf86c372954e", "id": "GHSA-76mc-f452-cxcm", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-76mc-f452-cxcm affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12c86750-c8f1-5fa2-ab7f-a2847fff7ad2", "id": "GHSA-cj63-jhhr-wcxv", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-cj63-jhhr-wcxv is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb3953fe-9d3a-5f1d-90c6-a651d70e9f58", "id": "GHSA-cjmm-f4jc-qw8r", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-cjmm-f4jc-qw8r is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fee719ae-2af4-5702-ac13-701c5c40eed5", "id": "GHSA-cmwh-pvxp-8882", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-cmwh-pvxp-8882 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a8efef5-c764-5994-9c29-4971680f7fde", "id": "GHSA-gvmj-g25r-r7wr", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-gvmj-g25r-r7wr affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a05b32b3-dcdf-5e4c-b3ef-9e561131f55c", "id": "GHSA-h8r8-wccr-v5f2", "analysis": { "state": "resolved", "detail": "Vulnerability GHSA-h8r8-wccr-v5f2 is fixed in version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fae9cc5f-e8ff-5cf9-917a-bbff3e6530d0", "id": "GHSA-vxr8-fq34-vvx9", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-vxr8-fq34-vvx9 does not affect version 2.4.7-tuxcare.1 of dompurify. not_affected \u2014 DOMPurify version 2.4.7 does not have the TRUSTED_TYPES_POLICY configuration option that is required for this vulnerability. The vulnerable feature (configurable Trusted Types policy) was introduced in version 3.0.3 (May 2023), while the target is version 2.4.7 which predates this feature." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38565287-f0d7-5ea6-b6e9-6d4dc0fbf3a9", "id": "GHSA-x4vx-rjvf-j5p4", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x4vx-rjvf-j5p4 affects version 2.4.7-tuxcare.1 of dompurify." }, "affects": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/dompurify@2.4.7-tuxcare.1" } ] }