{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56a6a04c-2a70-5183-b329-553cdd35e91a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare", "type": "library", "name": "dulwich", "version": "0.25.2.post1+tuxcare", "purl": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c6fdb954-e21e-56b0-af4a-e79c3126eafa", "id": "AIKIDO-2026-10554", "analysis": { "state": "resolved", "detail": "Vulnerability AIKIDO-2026-10554 is fixed in version 0.25.2.post1+tuxcare of dulwich." }, "affects": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] }, { "bom-ref": "urn:uuid:24d71cfa-1a68-5beb-abcc-5a3ea4ac1226", "id": "CVE-2026-42305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42305 affects version 0.25.2.post1+tuxcare of dulwich." }, "affects": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] }, { "bom-ref": "urn:uuid:6ce6e6fb-0155-5ffe-bd56-f890d4ea5013", "id": "CVE-2026-42563", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42563 affects version 0.25.2.post1+tuxcare of dulwich." }, "affects": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] }, { "bom-ref": "urn:uuid:5a32e5bf-9bfb-52d5-8474-eea02e8f847d", "id": "CVE-2026-47712", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47712 affects version 0.25.2.post1+tuxcare of dulwich." }, "affects": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] }, { "bom-ref": "urn:uuid:51445a79-d647-5576-9aa5-649ed145cb92", "id": "CVE-2026-47734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47734 affects version 0.25.2.post1+tuxcare of dulwich." }, "affects": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:pypi/dulwich@0.25.2.post1+tuxcare" } ] }