{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:481ccb83-d7d6-5c87-8745-6958332ef998", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:pypi/torch@2.1.0", "type": "library", "name": "torch", "version": "2.1.0", "purl": "pkg:pypi/torch@2.1.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ae749c5b-e18d-5813-9d98-599986b529cb", "id": "CVE-2024-31580", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31580 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:4168831f-0445-540f-bb0f-c277d8ed53e6", "id": "CVE-2024-31583", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31583 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:c6aec65e-6087-57d6-8953-22dffff7ce37", "id": "CVE-2024-7804", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-7804 is a false positive for torch 2.1.0." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:d7518f7d-c123-54ff-99ea-d14af6cf9040", "id": "CVE-2025-2148", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-2148 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:b80ee8e4-660b-5f78-9630-dab85b43d153", "id": "CVE-2025-2149", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-2149 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:7a5cc60c-2c0e-5a1c-973f-5ff18699ada2", "id": "CVE-2025-2953", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-2953 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:ff4994a9-43d8-55ed-b5ec-e655a0a4c75e", "id": "CVE-2025-2998", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-2998 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:4f734959-5aff-5aaf-b7dd-e0be62877bff", "id": "CVE-2025-2999", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-2999 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:f864337e-2306-51b4-82fb-63abd86625ff", "id": "CVE-2025-3000", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-3000 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:9c0e7308-20c6-5225-a0cc-c2b787696a49", "id": "CVE-2025-3001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-3001 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:59e1e96e-a72b-5773-b943-aca2247ad8cf", "id": "CVE-2025-32434", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32434 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }, { "bom-ref": "urn:uuid:999bf84d-ee80-58ce-8c2f-5e781770f36d", "id": "CVE-2025-3730", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-3730 affects version 2.1.0 of torch." }, "affects": [ { "ref": "pkg:pypi/torch@2.1.0" } ] } ], "dependencies": [ { "ref": "pkg:pypi/torch@2.1.0" } ] }