{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:53ab24ee-65c2-5425-903b-436898bed968", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/pillow@11.2.1", "type": "library", "name": "pillow", "version": "11.2.1", "purl": "pkg:pypi/pillow@11.2.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e718dacf-3478-5d8b-8674-39f2043e80ba", "id": "CVE-2026-25990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25990 affects version 11.2.1 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] }, { "bom-ref": "urn:uuid:958a0c6f-51c1-5271-b698-84b75b18d227", "id": "CVE-2026-42308", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42308 affects version 11.2.1 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] }, { "bom-ref": "urn:uuid:dfa6aa3b-3dde-5ece-bb63-306b2e1f7894", "id": "CVE-2026-42309", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42309 affects version 11.2.1 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] }, { "bom-ref": "urn:uuid:0742bc74-34d2-5eea-9e08-c086aa7e7560", "id": "CVE-2026-42310", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42310 affects version 11.2.1 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] }, { "bom-ref": "urn:uuid:b7efaeb7-b0cc-53a9-b6f5-6d200e6caffe", "id": "CVE-2026-42311", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42311 affects version 11.2.1 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] } ], "dependencies": [ { "ref": "pkg:pypi/pillow@11.2.1" } ] }