{ "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1, "metadata": { "component": { "bom-ref": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64", "type": "application", "name": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64", "purl": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64" } }, "components": [ { "bom-ref": "pkg:npm/brace-expansion@5.0.4", "type": "library", "name": "brace-expansion", "version": "5.0.4", "purl": "pkg:npm/brace-expansion@5.0.4" }, { "bom-ref": "pkg:npm/next@15.5.15", "type": "library", "name": "next", "version": "15.5.15", "purl": "pkg:npm/next@15.5.15" }, { "bom-ref": "pkg:npm/picomatch@4.0.3", "type": "library", "name": "picomatch", "version": "4.0.3", "purl": "pkg:npm/picomatch@4.0.3" }, { "bom-ref": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64", "type": "application", "name": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64", "purl": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64" } ], "externalReferences": [ { "url": "https://api.main.devguard.org/api/v1/public/169319b7-8170-469f-9e31-f87b6054e507/refs/main/artifacts/pkg%3Aoci%2Fdevguard-web%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard-web%26arch%3Damd64%26tag%3Dmain-amd64/vex.json/", "comment": "Up to date Vulnerability exploitability information.", "type": "exploitability-statement" }, { "url": "https://api.main.devguard.org/api/v1/public/169319b7-8170-469f-9e31-f87b6054e507/refs/main/artifacts/pkg%3Aoci%2Fdevguard-web%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard-web%26arch%3Damd64%26tag%3Dmain-amd64/sbom.json/", "comment": "Software bill of materials.", "type": "bom" }, { "url": "https://main.devguard.org/l3montree-cybersecurity/projects/devguard/assets/devguard-web/refs/main?artifact=pkg%3Aoci%2Fdevguard-web%3Frepository_url%3Dghcr.io%2Fl3montree-dev%2Fdevguard-web%26arch%3Damd64%26tag%3Dmain-amd64", "comment": "Dynamic analysis report", "type": "dynamic-analysis-report" } ], "dependencies": [ { "ref": "pkg:npm/brace-expansion@5.0.4", "dependsOn": [] }, { "ref": "pkg:npm/next@15.5.15", "dependsOn": [] }, { "ref": "pkg:npm/picomatch@4.0.3", "dependsOn": [] }, { "ref": "pkg:oci/devguard-web@main?arch=amd64&repository_url=ghcr.io%2Fl3montree-dev%2Fdevguard-web&tag=main-amd64", "dependsOn": [ "pkg:npm/brace-expansion@5.0.4", "pkg:npm/picomatch@4.0.3", "pkg:npm/next@15.5.15" ] } ], "vulnerabilities": [ { "id": "GHSA-c2c7-rcm5-vvqj", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/GHSA-c2c7-rcm5-vvqj" }, "ratings": [ { "score": 7.5, "severity": "high", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "score": 4.25, "severity": "medium", "method": "DevGuard", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H", "justification": "{\"availabilityRequirement\":\"H\",\"baseScore\":7.5,\"confidentialityRequirement\":\"H\",\"epss\":0.00055,\"exploitExists\":false,\"integrityRequirement\":\"H\",\"risk\":4.25,\"underAttack\":false,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H\",\"verifiedExploitExists\":false}" } ], "analysis": { "state": "in_triage", "firstIssued": "2026-04-07T22:39:10Z", "lastUpdated": "2026-04-07T22:39:10Z" }, "affects": [ { "ref": "pkg:npm/picomatch@4.0.3" } ] }, { "id": "GHSA-5f7q-jpqc-wp7h", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/GHSA-5f7q-jpqc-wp7h" }, "ratings": [ { "score": 5.9, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "score": 1.77, "severity": "low", "method": "DevGuard", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H", "justification": "{\"availabilityRequirement\":\"H\",\"baseScore\":5.900000095367432,\"confidentialityRequirement\":\"H\",\"epss\":0.00089,\"exploitExists\":false,\"integrityRequirement\":\"H\",\"risk\":1.77,\"underAttack\":false,\"vector\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H\",\"verifiedExploitExists\":false}" } ], "analysis": { "state": "in_triage", "firstIssued": "2026-04-13T08:01:18Z", "lastUpdated": "2026-04-13T08:01:18Z" }, "affects": [ { "ref": "pkg:npm/next@15.5.15" } ] }, { "id": "GHSA-3v7f-55p6-f55p", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/GHSA-3v7f-55p6-f55p" }, "ratings": [ { "score": 5.3, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "score": 2.8, "severity": "low", "method": "DevGuard", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RC:C/CR:H/IR:H/AR:H", "justification": "{\"availabilityRequirement\":\"H\",\"baseScore\":5.300000190734863,\"confidentialityRequirement\":\"H\",\"epss\":0.00165,\"exploitExists\":false,\"integrityRequirement\":\"H\",\"risk\":2.8,\"underAttack\":false,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RC:C/CR:H/IR:H/AR:H\",\"verifiedExploitExists\":false}" } ], "analysis": { "state": "in_triage", "firstIssued": "2026-04-07T22:39:10Z", "lastUpdated": "2026-04-07T22:39:10Z" }, "affects": [ { "ref": "pkg:npm/picomatch@4.0.3" } ] }, { "id": "GHSA-f886-m6hf-6m8v", "source": { "name": "NVD", "url": "https://nvd.nist.gov/vuln/detail/GHSA-f886-m6hf-6m8v" }, "ratings": [ { "score": 6.5, "severity": "medium", "method": "CVSSv31", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "score": 3.8, "severity": "low", "method": "DevGuard", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H", "justification": "{\"availabilityRequirement\":\"H\",\"baseScore\":6.5,\"confidentialityRequirement\":\"H\",\"epss\":0.00058,\"exploitExists\":false,\"integrityRequirement\":\"H\",\"risk\":3.8,\"underAttack\":false,\"vector\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RC:C/CR:H/IR:H/AR:H\",\"verifiedExploitExists\":false}" } ], "analysis": { "state": "in_triage", "firstIssued": "2026-04-07T22:39:11Z", "lastUpdated": "2026-04-07T22:39:11Z" }, "affects": [ { "ref": "pkg:npm/brace-expansion@5.0.4" } ] } ] }