{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:6208af6a-475b-5474-a285-c997d6c05a51",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/file-type@17.1.6",
      "type": "library",
      "name": "file-type",
      "version": "17.1.6",
      "purl": "pkg:npm/file-type@17.1.6"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:93706011-adfb-58c6-a733-59a19b9b539c",
      "id": "CVE-2026-32630",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-32630 does not affect version 17.1.6 of file-type. not_affected \u2014 CVE-2026-32630 affects file-type versions 20.0.0 to 21.3.1 where unbounded ZIP decompression can cause memory exhaustion. Target version 17.1.6 predates the vulnerable decompression feature (introduced in v20.0.0 via commit 399b0f1) and does not decompress ZIP entries at all. The vulnerability pattern cannot manifest in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/file-type@17.1.6"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/file-type@17.1.6"
    }
  ]
}