{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:32c6ce93-5bce-56f8-acf3-87eacb46d8b9",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/laravel/framework@12.58.0",
      "type": "library",
      "group": "laravel",
      "name": "framework",
      "version": "12.58.0",
      "purl": "pkg:composer/laravel/framework@12.58.0"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:14ef36f5-335f-5f9a-9e33-0518e2329e85",
      "id": "GHSA-5vg9-5847-vvmq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 12.58.0 of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@12.58.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6332f665-a830-5ffb-bc83-213505ac06b3",
      "id": "GHSA-crmm-hgp2-wgrp",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 12.58.0 of laravel/framework. Version 12.58.0 is not vulnerable. Summary: The target repository (Laravel v12.58.0) predates the introduction of the vulnerability. The vulnerable code pattern was introduced in v12.60.0 on May 15, 2026, but the target is at v12.58.0 from May 5, 2026."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@12.58.0"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/laravel/framework@12.58.0"
    }
  ]
}