{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9ede3b82-6b7e-5c3b-a29d-29346bd1e798", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/lodash@2.4.2-tuxcare.1", "type": "library", "name": "lodash", "version": "2.4.2-tuxcare.1", "purl": "pkg:npm/lodash@2.4.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:216a75fb-0509-5847-b26e-7982ad3ebbd6", "id": "CVE-2018-16487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-16487 is fixed in version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af05107a-3dd8-521d-9277-987ec49b71f6", "id": "CVE-2018-3721", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3721 is fixed in version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d1b4542-29d0-520b-bec2-c0a8b5a8464b", "id": "CVE-2019-1010266", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-1010266 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:145a9752-d193-5deb-b8d3-a1970edbd599", "id": "CVE-2019-10744", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2019-10744 is fixed in version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a6f4c3c-6d9e-5bb9-bb4e-f8e76d6e7f8e", "id": "CVE-2020-28500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-28500 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b70d2b1a-e8ae-5266-ad74-aaa1a94a877c", "id": "CVE-2020-8203", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-8203 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dce16926-16f1-5421-adc3-de09b517d90d", "id": "CVE-2021-23337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-23337 is fixed in version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef261db2-c2c6-5d76-b161-4d7cf232532e", "id": "CVE-2025-13465", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-13465 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06117236-e631-55ba-8938-9aa005586d9b", "id": "CVE-2026-2950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2950 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a602ecff-9d1c-538f-922f-245675267922", "id": "CVE-2026-4800", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-4800 affects version 2.4.2-tuxcare.1 of lodash." }, "affects": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/lodash@2.4.2-tuxcare.1" } ] }