{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2658ce2c-ec72-5657-91a4-37c5e20a274f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/starlette@0.27.0", "type": "library", "name": "starlette", "version": "0.27.0", "purl": "pkg:pypi/starlette@0.27.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ed35a5a8-fb42-5e3b-a396-93cbb4b1c5f2", "id": "CVE-2025-62727", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62727 affects version 0.27.0 of starlette." }, "affects": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] }, { "bom-ref": "urn:uuid:8a986dca-607e-556f-8c32-8053ebaeeb30", "id": "CVE-2026-48817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48817 affects version 0.27.0 of starlette." }, "affects": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] }, { "bom-ref": "urn:uuid:72a1f433-e95f-599a-bc17-b8beae6a1ffd", "id": "CVE-2026-48818", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48818 affects version 0.27.0 of starlette." }, "affects": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] }, { "bom-ref": "urn:uuid:0a6eeac2-3638-5034-8441-7246fbbd67e1", "id": "CVE-2026-54283", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54283 affects version 0.27.0 of starlette." }, "affects": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] }, { "bom-ref": "urn:uuid:a3d698ba-ca7c-5432-be0e-8feaa6136feb", "id": "GHSA-93gm-qmq6-w238", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-93gm-qmq6-w238 is a false positive for starlette 0.27.0." }, "affects": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] } ], "dependencies": [ { "ref": "pkg:pypi/starlette@0.27.0" } ] }