{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7093d638-e47d-5371-860e-39755a6216e3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/express@4.18.1-tuxcare.1", "type": "library", "name": "express", "version": "4.18.1-tuxcare.1", "purl": "pkg:npm/express@4.18.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:89b5b64f-c3cc-5527-ba91-759f4a35a4c2", "id": "CVE-2018-16487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-16487 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b124244c-3440-5531-8e5e-16c73f718393", "id": "CVE-2018-3721", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3721 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84ca2894-92d1-5f4f-ac61-c5e269109dfe", "id": "CVE-2019-10744", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-10744 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2169b47-377a-5675-9aa7-e6cb5313e623", "id": "CVE-2020-8203", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-8203 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e69f43d-4ae2-5ca2-82f2-251dc7dcbc75", "id": "CVE-2021-23337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-23337 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe20ec78-9ccc-58c1-bc09-dfca932b4fb0", "id": "CVE-2024-29041", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-29041 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f9275ce-f774-5ec5-ac2d-06e2e70abf63", "id": "CVE-2024-43796", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-43796 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c304f72-5ba3-5894-9afc-84aceba6c45b", "id": "CVE-2024-45590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45590 affects version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce700665-831a-567e-a52d-b63bc0789db5", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5680560b-1a21-5095-9093-28a5288dbda5", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fea415a5-e778-574c-a7cf-f20d0b2486b0", "id": "CVE-2026-2950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-2950 is fixed in version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0756682d-cbd6-55f0-a9fe-d0618c401fa2", "id": "CVE-2026-8723", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8723 affects version 4.18.1-tuxcare.1 of express." }, "affects": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/express@4.18.1-tuxcare.1" } ] }