{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:e6b8dc10-e63e-53c6-bff9-7d5c958c0a33",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:pypi/cryptography@42.0.0",
      "type": "library",
      "name": "cryptography",
      "version": "42.0.0",
      "purl": "pkg:pypi/cryptography@42.0.0"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:e8f00671-de0d-579b-85ef-ad4e4b776db4",
      "id": "CVE-2024-0727",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-0727 affects version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3c9db52e-e257-5de2-b540-4b2b7db5010b",
      "id": "CVE-2024-12797",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-12797 is fixed in version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc194c12-fee1-5790-8603-afdf81deecc5",
      "id": "CVE-2024-26130",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-26130 is fixed in version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b6834dd6-a97e-5b98-aab1-702f770853db",
      "id": "CVE-2026-26007",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-26007 affects version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e216a647-e033-52ef-9b32-50c0c067fe5c",
      "id": "CVE-2026-34073",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34073 affects version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2b4e0c15-c62a-5def-b924-55fbd732c94e",
      "id": "GHSA-537c-gmf6-5ccf",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-537c-gmf6-5ccf does not affect version 42.0.0 of cryptography. not_affected \u2014 The target repository (cryptography 42.0.0.post1+tuxcare source code) is not affected by GHSA-537c-gmf6-5ccf. This CVE concerns vulnerable OpenSSL bundled in pre-built PyPI wheels, not the cryptography source code itself. The CVE explicitly excludes source builds from its scope, stating that sdist users are responsible for their own OpenSSL. The target is a source repository with no vendored Op..."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9eb15894-7cb6-50cc-adf1-f302cb703af8",
      "id": "GHSA-h4gh-qq45-vh27",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-h4gh-qq45-vh27 affects version 42.0.0 of cryptography."
      },
      "affects": [
        {
          "ref": "pkg:pypi/cryptography@42.0.0"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:pypi/cryptography@42.0.0"
    }
  ]
}