{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:47171aae-5cc2-5b99-b307-a2bd6dc6d3dd",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0",
      "type": "library",
      "group": "phpoffice",
      "name": "phpspreadsheet",
      "version": "4.5.0",
      "purl": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:06069a9b-0c82-5025-96df-befe34c61162",
      "id": "CVE-2026-34084",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34084 affects version 4.5.0 of phpoffice/phpspreadsheet."
      },
      "affects": [
        {
          "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:11bf3085-61c9-5c4a-bcfc-1fd019f870e3",
      "id": "CVE-2026-35453",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-35453 affects version 4.5.0 of phpoffice/phpspreadsheet."
      },
      "affects": [
        {
          "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:82c39616-7999-502e-a4b8-a45972400c91",
      "id": "CVE-2026-40296",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40296 affects version 4.5.0 of phpoffice/phpspreadsheet."
      },
      "affects": [
        {
          "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:699f1741-739c-54f9-8eb4-e4480438b51a",
      "id": "CVE-2026-40863",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40863 affects version 4.5.0 of phpoffice/phpspreadsheet."
      },
      "affects": [
        {
          "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a975bcc4-5a8f-5ee2-9f6f-acc25484cbd9",
      "id": "CVE-2026-40902",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40902 affects version 4.5.0 of phpoffice/phpspreadsheet."
      },
      "affects": [
        {
          "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:composer/phpoffice/phpspreadsheet@4.5.0"
    }
  ]
}