{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8923381b-8981-5ea9-8dac-eacfcd52d734",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare",
      "type": "library",
      "name": "mlflow",
      "version": "2.22.4.post4+tuxcare",
      "purl": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:56588b7d-b5d9-5810-983e-01a0aa26b15b",
      "id": "CVE-2024-37059",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-37059 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cf2f66e6-c4e3-5cc1-9a56-21530daefb2e",
      "id": "CVE-2025-10279",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-10279 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c52c4a20-c818-5bae-b1d3-766f94df3829",
      "id": "CVE-2025-14279",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-14279 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3b24a572-10c0-587f-b982-dfe1939e1a8e",
      "id": "CVE-2025-14287",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-14287 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7410acf2-6282-54ba-95bc-fab292b8c9a5",
      "id": "CVE-2025-15031",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-15031 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:577d9c6b-c802-5513-a1f0-29135c75f7c4",
      "id": "CVE-2025-15036",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15036 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b460f998-b05c-5ff9-867f-064141606e75",
      "id": "CVE-2025-15379",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15379 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fdbd85c8-6557-5418-80c5-164ef6ff2492",
      "id": "CVE-2025-15381",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-15381 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:943493b9-b6c5-58c8-aaa3-09bad4f4cfc6",
      "id": "CVE-2026-0545",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-0545 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81e4b415-2583-5ae7-88dd-0f7932565b54",
      "id": "CVE-2026-0596",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-0596 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f1038bcd-466e-5cde-8ae6-13929d903ec7",
      "id": "CVE-2026-2033",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2033 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:370fbcbf-0fb1-55a8-b6e0-1adb154d1e88",
      "id": "CVE-2026-2393",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2393 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2e2a19b9-0d73-57c5-9a47-c145bc1c4d04",
      "id": "CVE-2026-25087",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25087 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:727d17fe-ef20-570d-9ed2-a1c7ed1fa667",
      "id": "CVE-2026-2614",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2614 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:026b7d43-00b9-538f-9e95-e6bae261a442",
      "id": "CVE-2026-2635",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-2635 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0bd0b6d8-1ee7-5a5e-b480-0415b9d5ac35",
      "id": "CVE-2026-2652",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2652 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9150bc1b-9203-53a2-9c11-6e49f420f4be",
      "id": "CVE-2026-2734",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-2734 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b8c50872-4962-5cfb-a059-6111d2345edb",
      "id": "CVE-2026-33865",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33865 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1db728a4-2bd1-5ad9-9a27-672e2243e294",
      "id": "CVE-2026-33866",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33866 affects version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0909fd1-3014-5eef-8514-5ca2e841c1c7",
      "id": "CVE-2026-4137",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-4137 is fixed in version 2.22.4.post4+tuxcare of mlflow."
      },
      "affects": [
        {
          "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:pypi/mlflow@2.22.4.post4+tuxcare"
    }
  ]
}