{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8e5d82e8-4762-56a0-92c3-fcff75f526c8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare", "type": "library", "name": "pillow", "version": "11.3.0.post3+tuxcare", "purl": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:91eced14-9613-5926-97b7-4ef69f598f5c", "id": "CVE-2026-25990", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25990 is fixed in version 11.3.0.post3+tuxcare of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] }, { "bom-ref": "urn:uuid:8ce104e8-1b44-5bfa-9e80-08ddb953f6af", "id": "CVE-2026-40192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40192 is fixed in version 11.3.0.post3+tuxcare of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] }, { "bom-ref": "urn:uuid:c030a4b9-80f7-5c40-844e-f214e37ffbbf", "id": "CVE-2026-42308", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42308 affects version 11.3.0.post3+tuxcare of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] }, { "bom-ref": "urn:uuid:07099ac2-c7b0-5c02-ba7c-e34840fedb05", "id": "CVE-2026-42309", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42309 affects version 11.3.0.post3+tuxcare of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] }, { "bom-ref": "urn:uuid:b919a5a8-5a4a-5163-a3fa-351ef312f8d1", "id": "CVE-2026-42310", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42310 affects version 11.3.0.post3+tuxcare of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:pypi/pillow@11.3.0.post3+tuxcare" } ] }