{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a0d8fb1-b85f-5a86-b508-2514ccda6c89", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/mlflow@2.22.4", "type": "library", "name": "mlflow", "version": "2.22.4", "purl": "pkg:pypi/mlflow@2.22.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:76ecd5ba-f095-57b2-b45e-48b5f24c62da", "id": "CVE-2024-37059", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-37059 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:bb9c5865-2e0b-5633-9e0f-c6888e889237", "id": "CVE-2025-15036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15036 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:6b9c2793-dd9e-5499-9fea-ec36c9f258e2", "id": "CVE-2025-15379", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15379 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:cf4d8cd4-fce9-53d6-8b47-8833b4a8bcde", "id": "CVE-2025-15381", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15381 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:93d6bfc0-72bf-59e0-aee6-33a85c5c8762", "id": "CVE-2026-0545", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-0545 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:376a3a31-800d-5ea2-a17d-2e039bdfe1d9", "id": "CVE-2026-2393", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2393 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:05189eb7-999d-5ad6-a9e0-017d310569a4", "id": "CVE-2026-25087", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25087 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:5b8528e2-ff04-5527-899f-4c8af46cccb8", "id": "CVE-2026-2652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2652 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:516787fd-cc6a-5319-849c-8c3dcd7c2d01", "id": "CVE-2026-2734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2734 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:a775c907-98d1-5afa-b2aa-7cc822078f16", "id": "CVE-2026-33865", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33865 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }, { "bom-ref": "urn:uuid:2f637111-d907-581a-a58c-73895ff83d90", "id": "CVE-2026-33866", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33866 affects version 2.22.4 of mlflow." }, "affects": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] } ], "dependencies": [ { "ref": "pkg:pypi/mlflow@2.22.4" } ] }