{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3be22e70-34aa-58f8-a4c1-e7fdfc547602", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1", "type": "library", "name": "@astrojs/rss", "version": "1.9.2-tuxcare.1", "purl": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0ddd47fa-0dfb-5b72-a728-126730417add", "id": "CVE-2013-7370", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7370 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81776cda-9070-5c54-9ba4-7676e7756998", "id": "CVE-2013-7371", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7371 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6f6327b-c596-5fb8-a031-78d1f1609e69", "id": "CVE-2018-3717", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3717 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd2f6efc-7582-5711-ac5e-9aee2e192662", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a90b66b-3783-5000-ab3b-96598abbb356", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1952421e-160d-5f4e-a1d8-3e25540c6842", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1255fea-85c5-5fd0-bf42-070ab060c80b", "id": "CVE-2024-56140", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56140 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:526fc1f4-2dd5-5a1d-aed5-287335911576", "id": "CVE-2024-56159", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56159 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4db2f9b-b99f-5d05-9222-6cca0b827dd0", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6c95c84-4517-5d72-97ef-03d97c6a0400", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08c7aeeb-b1c3-5d37-8bfc-7eb29b741dfa", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e54cb3b6-407b-561f-a2bd-1cd75c186818", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b8411b9-5b81-5458-8f8e-7d15e7220833", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:338e6644-38fe-501e-9a5f-d242a7ea72ed", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6c8c68f-214c-5328-aea5-582b9b805906", "id": "CVE-2025-55303", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55303 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4628e794-d547-5492-bb9b-b385453417d9", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41315f66-93e1-5e81-8c84-cc26f9d41e95", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29a23b36-a76c-570a-99d4-01bd4dc9b373", "id": "CVE-2025-61925", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61925 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2ed2a5e-8d4e-5578-a28c-50ce8ecb9724", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed3c64f9-9a97-5857-bddf-c91cd08ba3dc", "id": "CVE-2025-64757", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64757 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd42880e-5ae6-5cda-bd53-4019513219a1", "id": "CVE-2025-64764", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64764 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55c0ea58-89f6-5481-8cef-46cdf9bc2bf8", "id": "CVE-2025-64765", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64765 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0fc20e8-f137-54d5-9dd3-3e2913e1e861", "id": "CVE-2025-65019", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-65019 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a27b9d2-5001-5480-986f-61af6e97e430", "id": "CVE-2025-66202", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66202 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0d3ebc1-6ed7-54bb-b53d-a2da8faebe8c", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f27c107d-665b-56ad-af62-72d74a7843d1", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b3192be-976c-530a-b2b2-55c5c849deb9", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fece781-a49f-593b-8164-a05d2c8e22a5", "id": "CVE-2026-41067", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41067 is fixed in version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ee9cb01-f70f-51fc-877f-d764ce09b12b", "id": "CVE-2026-45028", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b774a285-9ea1-5983-851d-f9ae49c10dbf", "id": "CVE-2026-50146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbadf670-84c9-508b-bce1-da576c3ab7d6", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2-tuxcare.1 of @astrojs/rss. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69fa2d1c-6a2a-5f71-9725-bec48de74ae1", "id": "CVE-2026-54298", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2-tuxcare.1 of @astrojs/rss." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c039f2d0-786e-5bd0-9fc3-8036c9a3c111", "id": "CVE-2026-54299", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2-tuxcare.1 of @astrojs/rss. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector." }, "affects": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40astrojs/rss@1.9.2-tuxcare.1" } ] }