{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4b476d4d-4fa7-5acb-8807-8f2769eb25e5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/pillow@8.4.0", "type": "library", "name": "pillow", "version": "8.4.0", "purl": "pkg:pypi/pillow@8.4.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:484c0062-d237-5811-af66-dfc81713bdac", "id": "CVE-2022-22815", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22815 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }, { "bom-ref": "urn:uuid:31a16c64-19ff-513c-abc5-318df7e54126", "id": "CVE-2022-22816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22816 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }, { "bom-ref": "urn:uuid:d8c7e355-78dd-5f4c-87bb-3f9428d6a459", "id": "CVE-2023-44271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44271 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }, { "bom-ref": "urn:uuid:60b132e7-7978-5e81-94ff-298ce03ace8d", "id": "CVE-2024-28219", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-28219 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }, { "bom-ref": "urn:uuid:bed91505-2f76-51cf-bd04-16b74044096d", "id": "CVE-2026-42308", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42308 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }, { "bom-ref": "urn:uuid:164ba64c-31ff-59ff-97dd-92671adc5750", "id": "CVE-2026-42310", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42310 affects version 8.4.0 of pillow." }, "affects": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] } ], "dependencies": [ { "ref": "pkg:pypi/pillow@8.4.0" } ] }