{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:f595a15f-d317-5b8c-972c-e358beb19b79",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40astrojs/telemetry@1.9.2",
      "type": "library",
      "name": "@astrojs/telemetry",
      "version": "1.9.2",
      "purl": "pkg:npm/%40astrojs/telemetry@1.9.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:87b5e30e-adb3-58d4-bc83-142b1748e7e6",
      "id": "CVE-2024-23331",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4d982d64-6c4b-51aa-b5ff-7e3a13b7bdb6",
      "id": "CVE-2024-31207",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:14cf3ccb-b2ac-5dcb-a39c-d7c541e53cd5",
      "id": "CVE-2024-45811",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4bc91c82-86c4-5d78-9bf0-0347ecf084a6",
      "id": "CVE-2025-24010",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0b8d25d8-acee-5158-a674-0f9dc41027e8",
      "id": "CVE-2025-30208",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dafb3351-e5f4-54b8-8d16-4bb0639ee0db",
      "id": "CVE-2025-31125",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eb78feed-4547-5e4f-b685-d50ca58f2993",
      "id": "CVE-2025-31486",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:145b8c93-09e7-526c-8c48-15845cf070c6",
      "id": "CVE-2025-32395",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:04ff0310-5d45-55d3-a5ea-a3db56a199bf",
      "id": "CVE-2025-46565",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:320bf11f-0c81-5b71-96a5-7708ef710b10",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2bbd1064-a677-5b3c-8b5b-46f3fd7ac604",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ad47f0fc-ed6b-58e0-81b7-daae377e0a70",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:649ababa-bad2-5986-83fa-367db4bb33a1",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7c762922-b7f1-5d15-b8eb-b29a06d6b22a",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:43571441-2b77-528b-a3ff-8fa75385bc93",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e5b1aa7c-23b0-51fc-b1d0-a5b0403b3604",
      "id": "CVE-2026-45028",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fec1d8ed-9162-5958-b862-959475b764bc",
      "id": "CVE-2026-50146",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:26d75771-ff0f-503b-9a96-fd78fecf968d",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2 of @astrojs/telemetry. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:349269ee-ee73-50a8-9319-5533ee0525ab",
      "id": "CVE-2026-54298",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:21098b94-5012-517f-8aa4-16d37c89a67d",
      "id": "CVE-2026-54299",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2 of @astrojs/telemetry. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40astrojs/telemetry@1.9.2"
    }
  ]
}