{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7de2a3c3-29fe-5c0c-8a3c-4a5c2123fa39", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1", "type": "library", "name": "@astrojs/prism", "version": "0.26.1-tuxcare.1", "purl": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6442bfcb-8c25-5020-81ec-5d5dd88bb013", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:389228ff-40b6-5b13-88c2-864fb8f08611", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5799506-f1aa-5226-8bfc-e1ddbd621915", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b77a3d35-be1c-5bad-9494-5ec9281b5990", "id": "CVE-2024-45812", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45812 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce462b4c-10bd-5ec7-b443-e14e9f3bb0d9", "id": "CVE-2024-56140", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56140 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b8f54c1-d3d7-543e-894f-f9858583eb81", "id": "CVE-2024-56159", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56159 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b05b60b-4bdd-5fdb-8204-8a75ed92d272", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d9cd9e7-9696-5db0-adba-50c3513cf36e", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7c17900-3198-562f-8785-fbb742f8900e", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4dc4bf6d-c646-543a-9351-7ce4dcb0ab7b", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67cdcabe-3821-5bad-8fe5-1b5e46bea60a", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77039e5a-dc95-5ad1-9ac6-438d83bf99b3", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db80eda8-c816-50b6-b9cf-ce5f9474005a", "id": "CVE-2025-55303", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55303 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d0997b7-4f05-51c9-a4c0-56063a99a067", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce4f8782-77c3-5e65-bdde-f33f0c90936b", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b6d214a-770b-5bf3-81a7-5d44ba08b18b", "id": "CVE-2025-61925", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61925 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67c50082-6797-5b77-8d4e-4aead196d78a", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:836ac161-00dd-55a8-9b0b-22166830c911", "id": "CVE-2025-64757", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64757 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bccc838-ecbf-5eb0-b5fd-b79ebcfb82c0", "id": "CVE-2025-64764", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64764 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fc11990-bc96-53e1-99dc-99693379f939", "id": "CVE-2025-64765", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64765 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc2ec185-da59-5cde-9abb-c92cda7e48bf", "id": "CVE-2025-65019", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-65019 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c47c0953-7672-574c-b221-3b7d9975de59", "id": "CVE-2025-66202", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66202 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b0d752-83b1-51f0-8f8d-3b822f92650c", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eb5d289-c64d-5400-9122-5c6bec2dbe21", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c5eec71-8475-5ef9-94f4-d4d41d64aef1", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b16b557-9c9a-53ad-9dc2-c9644a40a581", "id": "CVE-2026-41067", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41067 is fixed in version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d28e6b4b-0cc1-5a8c-8a5d-3ebead9eb33b", "id": "CVE-2026-45028", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45028 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6acc121d-ce1d-5534-abf3-b22a207f7988", "id": "CVE-2026-50146", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50146 does not affect version 0.26.1-tuxcare.1 of @astrojs/prism. not_affected \u2014 Version 0.26.1 uses a fundamentally different slot hydration architecture that predates the vulnerable pattern. The target creates a single template element with a marker attribute `data-astro-template` (no value), while the modern version interpolates slot names into the attribute value. The dangerous operation (slot name interpolation into HTML attributes) does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12351890-f918-5775-a6c5-c15ad8c399a4", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 0.26.1-tuxcare.1 of @astrojs/prism. not_affected \u2014 CVE-2026-53571 affects Vite's dev server file access controls (server.fs.deny) which fail to normalize Windows NTFS ADS paths and 8.3 short names. The target repository (Astro 0.26.1) uses Vite as an external dependency but does not contain any implementation of the vulnerable code path. Static file serving and deny-list logic are entirely delegated to Vite. This is a dependency vulnerability, ..." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e9c3502-2df3-5684-9db2-fa563d385ef3", "id": "CVE-2026-54298", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54298 affects version 0.26.1-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f89b44a-4737-5fe4-b3db-cd92a311508d", "id": "CVE-2026-54299", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54299 does not affect version 0.26.1-tuxcare.1 of @astrojs/prism. not_affected \u2014 Target version 0.26.1 does not have the prerendered error page feature that is vulnerable in modern Astro. The RouteData interface lacks the 'prerender' field, and the error handling infrastructure that fetches error pages over HTTP (default-handler.ts) does not exist. When errors occur, this version returns simple inline Response objects without making any HTTP requests." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40astrojs/prism@0.26.1-tuxcare.1" } ] }