{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c4eba6ef-71e9-538b-8795-4f252a68e5ae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/poetry@1.7.0", "type": "library", "name": "poetry", "version": "1.7.0", "purl": "pkg:pypi/poetry@1.7.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e7e82e8b-e2fc-56c2-a11e-fb35b94a31b1", "id": "CVE-2025-68146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-68146 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }, { "bom-ref": "urn:uuid:43defb8e-62be-509f-8967-10e29f97b8d3", "id": "CVE-2026-22701", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22701 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }, { "bom-ref": "urn:uuid:c6de1740-449d-560d-9199-3e339d76aed8", "id": "CVE-2026-34591", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34591 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }, { "bom-ref": "urn:uuid:deaff4d4-181e-5671-9d06-b734a062f790", "id": "CVE-2026-41140", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41140 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }, { "bom-ref": "urn:uuid:c4e53969-bde2-5e95-8be8-b0a94c99ae48", "id": "CVE-2026-42305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42305 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }, { "bom-ref": "urn:uuid:64940d86-4164-52ad-bed2-1f31f3f8592b", "id": "CVE-2026-47734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47734 affects version 1.7.0 of poetry." }, "affects": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] } ], "dependencies": [ { "ref": "pkg:pypi/poetry@1.7.0" } ] }