{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5704715-105b-527b-b9fc-b0b83036afcb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/axios@0.15.3", "type": "library", "name": "axios", "version": "0.15.3", "purl": "pkg:npm/axios@0.15.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9abb2cce-75f4-59b4-ac8c-4a76bae25bea", "id": "CVE-2025-62718", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62718 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:0398f754-5b50-5494-a661-7e6b6767d672", "id": "CVE-2026-40175", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40175 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:544cf3f0-d892-5e41-a9ca-f2e1929fa909", "id": "CVE-2026-42033", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42033 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:f42d2f29-ab4f-58d7-ae81-47d33ecf41cb", "id": "CVE-2026-42034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42034 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:47c13cc2-c529-5ea9-9c7c-ee3e660cd0d0", "id": "CVE-2026-42035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42035 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:65f8c493-e150-53dc-89d5-8144561f0967", "id": "CVE-2026-42036", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42036 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:d267ded7-a4c6-5747-b28f-8e9f6a7bb479", "id": "CVE-2026-42038", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42038 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:9bf8838c-99d7-5f40-888a-642f752567f1", "id": "CVE-2026-42039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42039 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:9541e3a7-95b2-5e82-9bbc-8876fe4a5a09", "id": "CVE-2026-42040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42040 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:42591036-e426-5f1a-9b02-c7bf3ceb4a15", "id": "CVE-2026-42041", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42041 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:d77f266f-1342-527d-8e27-2e9e37dd4088", "id": "CVE-2026-42042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42042 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:5d38d4c3-1963-55ae-bff3-2e4e80197f49", "id": "CVE-2026-42043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42043 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:3a35a35f-ecb3-5499-89dc-37742ea537cd", "id": "CVE-2026-44486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44486 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:670f2125-8aee-5790-9f44-72a502cf5b7e", "id": "CVE-2026-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44487 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:244124a8-523b-515b-a476-62c1843d49f5", "id": "CVE-2026-44490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44490 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:a76ebecc-0766-5d4a-b3a5-fb7e90b906cf", "id": "CVE-2026-44492", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-44492 does not affect version 0.15.3 of axios. not_affected \u2014 Target version 0.15.3-tuxcare.3 is NOT AFFECTED by CVE-2026-44492. The vulnerability requires the NO_PROXY environment variable mechanism to exist, which was not introduced until version 0.19.1 (commit 38de252, August 2018). The target version predates this feature entirely." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] }, { "bom-ref": "urn:uuid:d9c2c3c6-cee4-50c7-bc53-290fa699d4aa", "id": "CVE-2026-44496", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44496 affects version 0.15.3 of axios." }, "affects": [ { "ref": "pkg:npm/axios@0.15.3" } ] } ], "dependencies": [ { "ref": "pkg:npm/axios@0.15.3" } ] }