{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2a6430e-e7fc-5d4e-a31a-a4d98fedf802", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/qs@1.2.2-tuxcare.1", "type": "library", "name": "qs", "version": "1.2.2-tuxcare.1", "purl": "pkg:npm/qs@1.2.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:38e91ecf-5c83-5d0c-bbc8-16fa2899cbcc", "id": "CVE-2017-1000048", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2017-1000048 is fixed in version 1.2.2-tuxcare.1 of qs." }, "affects": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a4c3b44-4be3-5944-b45d-850f85e5756d", "id": "CVE-2022-24999", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-24999 is fixed in version 1.2.2-tuxcare.1 of qs." }, "affects": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ff37bdf-04e0-55ce-8354-6c1c192809e1", "id": "CVE-2025-15284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-15284 affects version 1.2.2-tuxcare.1 of qs." }, "affects": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56634303-949a-5e94-a40b-c1f3b3fbf21c", "id": "CVE-2026-2391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-2391 affects version 1.2.2-tuxcare.1 of qs." }, "affects": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0118ffe0-4087-5ead-890c-e4ca729e7962", "id": "CVE-2026-8723", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-8723 affects version 1.2.2-tuxcare.1 of qs." }, "affects": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/qs@1.2.2-tuxcare.1" } ] }