{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6f421131-f997-5322-985b-3634ba244e00", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40astrojs/prism@1.9.2", "type": "library", "name": "@astrojs/prism", "version": "1.9.2", "purl": "pkg:npm/%40astrojs/prism@1.9.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:79c907ae-edac-5e05-9111-e235ab58dd03", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:31da014f-be5a-564b-98d2-27dd45b1272a", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:c19628ee-59fb-5097-a4aa-418c7dbbab6c", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:a7f68257-c400-5310-b8e8-a05fbc60faaf", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:cb44d15c-981f-5a94-ab21-87cbac35febb", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:27603bd9-3a52-5d48-83f0-9551e1ccfb3e", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:4de4af79-264f-5c1b-9445-19d722352090", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:80ce8623-3f06-50c5-b451-fbed681073d6", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:97882b83-b017-5e2d-9b65-ddf8ffb6334b", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:5d35e816-cef3-5bd4-93a5-185a01137d98", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:e9225c9d-99cb-57a2-8c8a-54518bac5981", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:671fcb54-1552-5f13-9eb4-168151e52723", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:e8ab048d-929b-5776-af1b-1735740b8ece", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:3240099f-08d6-5dc6-b651-a89da942cf84", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:0b48f203-0f1f-543b-82ed-4a2ffb5365c9", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:4749811c-c800-535f-a4a7-797fb94df821", "id": "CVE-2026-45028", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:db1f9c9d-924b-506e-b3c3-da232e390764", "id": "CVE-2026-50146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:154ded06-bebd-5226-acea-8429f7aac1af", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2 of @astrojs/prism. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:4dae1dd7-444b-5937-85aa-3a1d19860aef", "id": "CVE-2026-54298", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2 of @astrojs/prism." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }, { "bom-ref": "urn:uuid:af905aef-f0e7-52ac-8f51-0f6a04708e1b", "id": "CVE-2026-54299", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2 of @astrojs/prism. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector." }, "affects": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40astrojs/prism@1.9.2" } ] }