{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:1fd8a621-bef0-56f1-89a6-478bd16e9782",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/laravel/framework@8.12.2",
      "type": "library",
      "group": "laravel",
      "name": "framework",
      "version": "8.12.2",
      "purl": "pkg:composer/laravel/framework@8.12.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:897a68d4-c89c-519a-bd75-d9e89632ce39",
      "id": "CVE-2021-43617",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2021-43617 is a false positive for laravel/framework 8.12.2. GitHub advisory GHSA-364w-9g92-3grq is withdrawn \u2014 https://github.com/advisories/GHSA-364w-9g92-3grq"
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c3ff4193-3c95-577f-90e2-d36b39e0048f",
      "id": "CVE-2025-46734",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2025-46734 does not affect version 8.12.2 of laravel/framework. Laravel depends on league/commonmark, but it enables only the TableExtension and does not use the Attributes extension, which is where the XSS vulnerability exists. This assessment covers the framework's own use of league/commonmark; an application that enables the Attributes extension itself needs a separate assessment."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:42f3ee1a-bb4d-5af4-875c-433633bf41ee",
      "id": "CVE-2026-30838",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-30838 does not affect version 8.12.2 of laravel/framework. The vulnerability is in the DisallowedRawHtml extension of league/commonmark, which Laravel does not use: its Markdown processing (in Illuminate\\Mail\\Markdown) uses only the TableExtension and does not implement any HTML tag filtering via DisallowedRawHtml."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b2a92bbc-9482-5f19-a497-340caefe0868",
      "id": "CVE-2026-33347",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-33347 is a false positive for laravel/framework 8.12.2. CVE-2026-33347 describes a vulnerability in a Markdown Embed extension whose components (DomainFilteringAdapter, OscaroteroEmbedAdapter, EmbedRenderer) process oEmbed content. This repository is laravel/framework (the Laravel PHP web application framework), which does not contain any of these components, does not have embed/oEmbed functionality, and does not depend on the affected embed/embed l... [remainder of this detail is truncated]"
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d4d0041c-b8ac-5060-9de7-5a2a44ecdb9e",
      "id": "GHSA-5vg9-5847-vvmq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-5vg9-5847-vvmq affects version 8.12.2 of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0339b217-3448-57f0-b56b-4afc052b880c",
      "id": "GHSA-c2pc-g5qf-rfrf",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c2pc-g5qf-rfrf affects version 8.12.2 of laravel/framework."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7426d256-2233-5e3e-9472-64d76075d9fe",
      "id": "GHSA-crmm-hgp2-wgrp",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-crmm-hgp2-wgrp does not affect version 8.12.2 of laravel/framework. The vulnerability is in the LocalFilesystemAdapter class of Laravel 12.x, which provides signed URL functionality for local filesystem storage. That feature does not exist in Laravel 8.12.2, which uses a different architecture in which local filesystem adapters cannot generate temporary signed URLs."
      },
      "affects": [
        {
          "ref": "pkg:composer/laravel/framework@8.12.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/laravel/framework@8.12.2"
    }
  ]
}