{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:afa2643e-27aa-5af7-a65c-b4838710effe",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare",
      "type": "library",
      "name": "mlflow",
      "version": "2.22.4.post3+tuxcare",
      "purl": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:65775589-42be-5dd5-a07e-7a9d181aeb3c",
      "id": "CVE-2024-37059",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-37059 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:32cbf3b5-e214-5b54-b08c-70189f4a971e",
      "id": "CVE-2025-10279",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-10279 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f97da0a2-c53f-5b1e-8dcd-62ca646327c4",
      "id": "CVE-2025-14279",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-14279 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:13c8f309-7df7-51db-ae04-ec4e695f2ab9",
      "id": "CVE-2025-14287",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-14287 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa0f30ab-7288-5b3f-a7d7-60c59a7f2970",
      "id": "CVE-2025-15031",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-15031 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3e938ffb-ac44-5a66-9e3b-adc4f3da28c9",
      "id": "CVE-2025-15036",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15036 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dde1a440-2075-5034-8d00-7af3c78609c3",
      "id": "CVE-2025-15379",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15379 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:febfd223-ac55-5c93-9852-323e8ee582fc",
      "id": "CVE-2025-15381",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15381 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cbce944e-de56-5a96-93b8-85ff07df2854",
      "id": "CVE-2026-0545",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-0545 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:23419c45-15ac-50a5-b92b-f7229e16e210",
      "id": "CVE-2026-0596",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-0596 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:944a0918-00ac-58bf-8043-88048e993c98",
      "id": "CVE-2026-2033",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2033 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e077b428-6797-50a9-aa96-1a6b983ef42f",
      "id": "CVE-2026-2393",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2393 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d637c2f0-33cf-53d5-8b25-027788cefb0a",
      "id": "CVE-2026-25087",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25087 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:177c414a-92ca-5625-ae17-6f9ee05e714e",
      "id": "CVE-2026-2614",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2614 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b4b7588-6cef-57b9-8c1e-c5ab5e2bc397",
      "id": "CVE-2026-2635",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2635 is fixed in version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cca368df-dbfd-5b92-9db4-a312b039b4b6",
      "id": "CVE-2026-2652",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2652 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e82e36b-3a3f-5f0f-bc7a-505d8176c31c",
      "id": "CVE-2026-2734",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2734 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a01b49eb-dea7-509c-b52d-d9b931f81f4e",
      "id": "CVE-2026-33865",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33865 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3eb255b7-1c72-5b6a-86e4-34413e36c4da",
      "id": "CVE-2026-33866",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33866 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d9ef427-5bad-5f7c-aa90-9a85dad68e00",
      "id": "CVE-2026-4137",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-4137 affects version 2.22.4.post3+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:pypi/mlflow@2.22.4.post3+tuxcare"
    }
  ]
}