{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f39af1cd-5e2f-507c-8f59-5ef749829bbd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1", "type": "library", "name": "@astrojs/telemetry", "version": "1.9.2-tuxcare.1", "purl": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10cf30a8-4975-5baf-8471-16da94382dae", "id": "CVE-2013-7370", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7370 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:338fd7e9-a0d2-543e-942b-65ac6e5f7f55", "id": "CVE-2013-7371", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-7371 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:caf4bef3-9ef9-5d7b-8721-c2ae4b212ac3", "id": "CVE-2018-3717", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-3717 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fac222f2-768e-5f1c-9ad5-b51e714e0056", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d77706b-052b-5b92-b4c3-7cc2dc6faad9", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d44323ad-f173-5528-bcf7-94a49b3bd937", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b4a7272-1667-5f00-afbd-a408ee1dbd77", "id": "CVE-2024-56140", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56140 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07224412-d701-5029-8893-d655348aa950", "id": "CVE-2024-56159", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56159 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9165fbd0-030e-53a9-a8e1-358fed41aeab", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f04c67e-9782-51aa-bb9c-725a2c0bae09", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39ef86fc-2499-59ee-943c-f6a873745005", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a64f38c-913d-51d2-896a-73de026d20b0", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65a7b21f-2a06-5ac0-a0ed-c59ee3f012e4", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecc22bc5-551c-596a-b468-17c09250ff09", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a174adba-988f-5c1c-a832-22f85906bd64", "id": "CVE-2025-55303", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55303 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:995bdb9e-50ba-5da3-9829-cbc74f40ebdc", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f361c651-0a70-5851-8997-16e94f8f16d2", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62a277ba-e57e-53b8-8868-63735f631f55", "id": "CVE-2025-61925", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61925 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7764d7a0-9aa9-5eb4-b8d3-230dd9390c8b", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f9cb388-4105-5b53-a951-551c22e5061d", "id": "CVE-2025-64757", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64757 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45d253af-12da-5c3d-af1b-baf1c9934586", "id": "CVE-2025-64764", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64764 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2b3cc69-8453-5891-940e-ecbc958f4d9c", "id": "CVE-2025-64765", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-64765 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eba0069c-6392-5c1d-b11a-50f04eb2ac72", "id": "CVE-2025-65019", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-65019 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3502ab06-d470-55cc-b5a2-e9c71df0466e", "id": "CVE-2025-66202", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66202 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f0e09f0-2c24-5f0a-8118-f939c60030b5", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2bf13af-92b1-56ec-9e56-071fca2265ba", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ffed7b23-bd5a-5338-b985-4e0b0bbdbeec", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b46b1dd-8188-5d19-82f6-19e03c0df0b4", "id": "CVE-2026-41067", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41067 is fixed in version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c956ddff-6490-529c-a825-9a676c94f4c7", "id": "CVE-2026-45028", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d94ec790-916a-5b58-bcfc-da85ad44b73a", "id": "CVE-2026-50146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3076d8ff-2e36-550b-a26a-1d90c7170cc3", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2-tuxcare.1 of @astrojs/telemetry. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:124c3dcd-eaba-5f09-80e3-40a454ab7ca6", "id": "CVE-2026-54298", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2-tuxcare.1 of @astrojs/telemetry." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2b7835b-fca1-5171-aaf9-0e56dbd9d1c2", "id": "CVE-2026-54299", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2-tuxcare.1 of @astrojs/telemetry. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector." }, "affects": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40astrojs/telemetry@1.9.2-tuxcare.1" } ] }