{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:9bdeaf1b-26c5-58aa-9333-78cdc9df160e",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2",
      "type": "library",
      "name": "@astrojs/telemetry",
      "version": "5.18.1-tuxcare.2",
      "purl": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:e02381f6-06ad-5272-bb99-b1b3de3b3b46",
      "id": "CVE-2025-55303",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-55303 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:39fee3bb-5e52-5d38-a6e1-9a5732be8641",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-58751 is fixed in version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ecb740b9-553f-593b-b4ac-efcd60edf57d",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2afda305-943a-53d1-8b1e-6a5e3460855f",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9edbbe40-4794-5cb3-bbbe-4aabf89ffa2f",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:574dd1ee-ef15-5133-bdcf-aabd6537bc8b",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:70f10543-fcd3-58d3-ab9f-75c2d2bbce3a",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-39365 is fixed in version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c0513daf-1595-585b-8a15-d4973b4fbccb",
      "id": "CVE-2026-41067",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41067 is fixed in version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f6110752-917b-53ed-8caf-f2bcc4b579b8",
      "id": "CVE-2026-45028",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45028 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c15f7641-c5ca-543a-85db-8e81bd407692",
      "id": "CVE-2026-50146",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50146 does not affect version 5.18.1-tuxcare.2 of @astrojs/telemetry. already_fixed \u2014 The target repository (astro v5.18.1-tuxcare.3) already contains the vendor's slot name XSS fix. The escapeHTML() function is applied to slot names at both injection points (lines 348 and 362 in component.ts) before interpolating into HTML attributes, preventing attribute context breakout attacks. The fix was backported by TuxCare's automation service on May 18, 2026 via commit b30fca309f."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c6ef1bdb-6dc6-542b-bcf7-fdfc372d3561",
      "id": "CVE-2026-54298",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54298 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1eade666-2451-589c-b9ad-92eede8e4fb0",
      "id": "CVE-2026-54299",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54299 affects version 5.18.1-tuxcare.2 of @astrojs/telemetry."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40astrojs/telemetry@5.18.1-tuxcare.2"
    }
  ]
}