{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef1b2056-803a-5b11-9958-5ecb138d7648", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1", "type": "library", "name": "@astrojs/prism", "version": "1.9.2-tuxcare.1", "purl": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:712970b3-cf97-5ed1-a08a-dcda3da88bec", "id": "CVE-2013-7370", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7370 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5947580-029c-56ae-96d9-5e142825d133", "id": "CVE-2013-7371", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7371 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a950447a-cbbf-574a-a5af-87bd5f8ca3f0", "id": "CVE-2018-3717", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3717 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:209cae5d-093a-5104-bf67-d8254074d971", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8eb375c4-5f47-57dd-bfd0-f8b416d897b6", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7278b89-7595-568f-8ce3-6c3d3c989831", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc12dc96-5f83-5573-8227-1094741ac816", "id": "CVE-2024-56140", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56140 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64a85165-2875-52cb-a596-526c04f65724", "id": "CVE-2024-56159", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56159 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:743225c5-f7ef-56fc-89f6-b24bce2e099a", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9ba18e7-1fb1-50f9-9bce-be76072a7dd0", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:428b933d-a2f7-5343-8faf-ed114dbb0a78", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5beadc82-0ac0-59f8-9f56-2e893aef945d", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2536913e-6772-5084-a29f-0b1fdd3e3a01", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3358c730-b3e2-57a8-9b64-c1c07114f8f5", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3ba9d95-e90b-57d8-bdfe-0c605d2125d8", "id": "CVE-2025-55303", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55303 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cee98b8-885f-5bc7-ad56-aaba41ed65d3", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4662de76-4c79-50ae-a37c-b4448f1d7ee5", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9377c57-c22f-5a13-a97c-ce3d9731b3ec", "id": "CVE-2025-61925", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61925 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6881bec5-13ba-5a54-905e-543a9005ed1d", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8449dbd2-e40e-5245-94d8-d8689b12f03b", "id": "CVE-2025-64757", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64757 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7263103-10f3-5c2a-a269-c63c75a0dfa7", "id": "CVE-2025-64764", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64764 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f720f68-ccff-5ffa-a345-618e24b6bd2e", "id": "CVE-2025-64765", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64765 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9719dea-474b-5b90-ad8c-478c750d10a7", "id": "CVE-2025-65019", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-65019 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b95a1d-dac7-5d25-9f82-57954ce683e3", "id": "CVE-2025-66202", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66202 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27acba3c-7847-5b78-bf55-8f4e0db61acf", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33958120-7f77-517f-a42d-659999010937", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d32e24f0-8a71-517e-876e-4dd630c597ca", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a83765d-58bc-5f3e-a791-59267e7bd846", "id": "CVE-2026-41067", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41067 is fixed in version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a61ccdbc-383d-5209-a129-30eb018c1063", "id": "CVE-2026-45028", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:070b04ec-a8f8-5fd9-a9ac-7205c4627799", "id": "CVE-2026-50146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:263b2293-10cd-5e41-a0ec-a9fb9b7592d0", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2-tuxcare.1 of @astrojs/prism. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27ce4655-4bc1-5657-a73f-a66f9a115ca1", "id": "CVE-2026-54298", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2-tuxcare.1 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a47cd82b-8de9-539b-aee0-c27e95b99dd9", "id": "CVE-2026-54299", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2-tuxcare.1 of @astrojs/prism. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2-tuxcare.1" } ] }