{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:b9fe37f6-8ad0-5a6e-9708-b530465aaf6a",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1",
      "type": "library",
      "name": "@astrojs/webapi",
      "version": "1.9.2-tuxcare.1",
      "purl": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:f89dde88-9f24-5328-86a9-5fbf84ffa89e",
      "id": "CVE-2013-7370",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2013-7370 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b15465f9-fdf9-5eba-8d92-a05a21320db4",
      "id": "CVE-2013-7371",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2013-7371 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a00e7012-407a-5c16-bbb2-73d70a92c115",
      "id": "CVE-2018-3717",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2018-3717 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e2eb42ea-1683-5884-b2e9-5d7b702d761e",
      "id": "CVE-2024-23331",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-23331 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:de370020-92e9-50c7-9068-796582e0327f",
      "id": "CVE-2024-31207",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-31207 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:24ce8fa1-d3ec-53ce-aceb-89760fd418ab",
      "id": "CVE-2024-45811",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-45811 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fafb6f29-63d7-565e-9289-2f4cdbfe46f8",
      "id": "CVE-2024-56140",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-56140 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a725744b-6b39-5942-95aa-71468676611d",
      "id": "CVE-2024-56159",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-56159 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bf9c2a3f-e460-5390-94b3-1d3b95faaa48",
      "id": "CVE-2025-24010",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-24010 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b334c9ff-f5aa-5ac6-b62f-9435b1750ae8",
      "id": "CVE-2025-30208",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-30208 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ca665b2f-2b97-54f8-9dc4-af1054173e3f",
      "id": "CVE-2025-31125",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31125 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:88f692ab-55c0-52f9-aa91-9b2e596cf083",
      "id": "CVE-2025-31486",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31486 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:64ffe736-3d2e-579a-8bcc-0d09c6d24fc1",
      "id": "CVE-2025-32395",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-32395 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:28ed3287-4781-5618-98ce-af2f849d5ddb",
      "id": "CVE-2025-46565",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-46565 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cba12dcf-13e9-50c3-8a05-303a7d7dda43",
      "id": "CVE-2025-55303",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55303 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc2cb318-21da-5813-9768-84ccaa19e363",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:92cd642c-076f-5f5a-8518-b6bef1a5c7e3",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9193328e-c6fa-5541-add6-a66ad40f3595",
      "id": "CVE-2025-61925",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-61925 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:32924a98-9b00-5bb2-86ab-0849081c1b7e",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1595d6e9-7682-5301-bbc1-e3cc6d4bed2b",
      "id": "CVE-2025-64757",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-64757 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d0344543-dca1-5ff4-9dc8-4d1148182e14",
      "id": "CVE-2025-64764",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-64764 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:90d263b2-2c86-5830-9890-fb24277f34e7",
      "id": "CVE-2025-64765",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-64765 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1bc666a4-3d70-5365-a34d-7e32ad03f13c",
      "id": "CVE-2025-65019",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-65019 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0ca04de2-9264-578f-9c5f-f6f943be0706",
      "id": "CVE-2025-66202",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66202 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fd196622-55c9-5e92-bde5-3dbf8f3e3493",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0763e4c-a417-5776-9984-f233acaca72f",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3e0b3ac9-4c0e-57db-983d-4f751bd6e725",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9c5c5f35-78c0-57c4-9f10-af1abcb97535",
      "id": "CVE-2026-41067",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41067 is fixed in version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9716ae29-eebe-588e-8475-73d71bdc423c",
      "id": "CVE-2026-45028",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45028 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3b8d0322-1a29-5b56-8c60-d5bdd851c14a",
      "id": "CVE-2026-50146",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-50146 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3c54a341-bcce-50f1-8e51-005d08e5b1b4",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-53571 does not affect version 1.9.2-tuxcare.1 of @astrojs/webapi. not_affected \u2014 Astro's codebase does not contain the vulnerable file access control logic described in CVE-2026-53571. The vulnerability exists in Vite's dev server file-serving middleware, which is a declared dependency (package.json shows 'vite': '~3.2.5'). Astro delegates all request handling directly to Vite without implementing its own file access control or path normalization logic. The vulnerable code ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0af35430-4d21-5b0a-bfda-862031a8b127",
      "id": "CVE-2026-54298",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-54298 affects version 1.9.2-tuxcare.1 of @astrojs/webapi."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f9c97a2c-5141-5e48-9094-fac82d3926b8",
      "id": "CVE-2026-54299",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54299 does not affect version 1.9.2-tuxcare.1 of @astrojs/webapi. not_affected \u2014 Astro version 1.9.2 is not affected by CVE-2026-54299. The vulnerability requires the prerendered error page HTTP fetching feature, which was introduced in Astro 5.12.9+. Version 1.9.2 renders all error pages in-process using the component system, not via HTTP fetch, eliminating the SSRF attack vector."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40astrojs/webapi@1.9.2-tuxcare.1"
    }
  ]
}