{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:a130dda3-0088-5270-aabf-c6abf88405a5",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare",
      "type": "library",
      "group": "laravel",
      "name": "framework",
      "version": "7.30.7-p1+tuxcare",
      "purl": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:f40b4676-3cdd-5fa5-a456-27024d28c2a9",
      "id": "AIKIDO-2026-10659",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability AIKIDO-2026-10659 is fixed in version 7.30.7-p1+tuxcare of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2702318-71a3-527c-bd72-095775695d73",
      "id": "CVE-2025-27515",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-27515 affects version 7.30.7-p1+tuxcare of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fd50a224-a250-52bc-b8de-053f842c9eb0",
      "id": "GHSA-5vg9-5847-vvmq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 7.30.7-p1+tuxcare of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f8681544-8782-50db-ad04-2e5cac35378c",
      "id": "GHSA-crmm-hgp2-wgrp",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 7.30.7-p1+tuxcare of laravel/framework. not_affected \u2014 Laravel 7.30.7-p1+tuxcare is not affected by GHSA-crmm-hgp2-wgrp. The vulnerability exists in the LocalFilesystemAdapter class which provides temporary signed URL generation for local filesystems. This class and the associated local file serving feature were introduced in Laravel 9.x and do not exist in Laravel 7.x."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/laravel/framework@7.30.7-p1+tuxcare"
    }
  ]
}