{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:0f80a766-0ffb-539e-a8ff-0191dcb36ac0",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3",
      "type": "library",
      "name": "@nuxt/rspack-builder",
      "version": "4.0.3-tuxcare.3",
      "purl": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:3a569250-e92b-5c54-b694-12bbf4cc9672",
      "id": "CVE-2022-21670",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-21670 is fixed in version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2f16364a-1247-5637-bab6-d4167f2da58f",
      "id": "CVE-2022-25852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-25852 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:49afc8a7-7e25-5652-8052-71fb2e0eb435",
      "id": "CVE-2025-59414",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-59414 is fixed in version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:829f7335-160b-5ee0-afee-576a2713b59d",
      "id": "CVE-2026-25128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25128 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:beba95e0-ec5b-5e29-a60c-e4ddbc58c864",
      "id": "CVE-2026-32887",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32887 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:26dd845a-db15-54a3-9ff6-3717d43377e2",
      "id": "CVE-2026-33128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33128 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:017fd6e0-1812-5977-aa0c-4fdc76e3d62d",
      "id": "CVE-2026-33129",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33129 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1da4ae63-0a6e-5666-8693-d0b59c39386f",
      "id": "CVE-2026-33131",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33131 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:09523c3c-bf4f-54a4-bbb3-d3079c69c5f4",
      "id": "CVE-2026-33490",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33490 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:945bca50-2641-5a4c-bf4a-08ab1ef94e9e",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f62e3703-4e7d-55ab-bfd0-7e00b5ca0043",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:51e71875-147a-5209-8687-f3e4a77ebc37",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d9450a02-27e5-5966-9b68-38f02c685ba6",
      "id": "CVE-2026-39406",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39406 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4cbc1316-cd10-55e6-9a3a-06d5976292de",
      "id": "CVE-2026-41305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41305 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:24520fac-4c68-58a2-a7f3-f5e0f3c0594b",
      "id": "CVE-2026-42338",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/rspack-builder 4.0.3-tuxcare.3. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm package, but this repository is the 'nuxt' framework. The affected component (ip-address library) is completely absent from the repository - not as the project itself, not as vendored/bundled code, and not as a declared dependency. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8102a317-10d0-5a76-9b50-885f3cef5296",
      "id": "CVE-2026-44372",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44372 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3bc3aded-4e0d-5ccc-9806-a072f452312e",
      "id": "CVE-2026-44373",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44373 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4fddeb99-5782-54e1-a577-4646973c183e",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-45669 is fixed in version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d494b624-c535-58d9-a05f-6a7785aaa974",
      "id": "CVE-2026-45670",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45670 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4a47cc97-da69-52f6-903e-c580b8e81d43",
      "id": "CVE-2026-45736",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-45736 is a false positive for @nuxt/rspack-builder 4.0.3-tuxcare.3. false_positive \u2014 CVE-2026-45736 is a wrong-project match. The advisory concerns the 'ws' WebSocket library for Node.js, but the target repository is Nuxt.js framework. The ws library's source code (specifically lib/sender.js containing the vulnerable WebSocket close implementation) does not exist anywhere in this repository. While ws appears as a transitive dependency in pnpm-lock.yaml, no ws source code is pre..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:50271e72-7dd3-5f50-9943-7d539aee1558",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-46342 is fixed in version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:38ea74d1-687c-5f89-84d6-9e12443f5d80",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47200 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7c7c1ddd-790a-5ae5-bf03-eaa68a148b3e",
      "id": "CVE-2026-49993",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-49993 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:61c15097-bd6b-54ac-9edd-5276d2b45002",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53571 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0f99e96c-da6f-57ad-bb65-a4c22a843cc4",
      "id": "CVE-2026-53721",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53721 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:025b55e4-b3ce-5d6d-9703-00c54e733bd9",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:41cb0301-caa7-564b-877a-cece73d576b4",
      "id": "CVE-2026-54285",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-54285 is a false positive for @nuxt/rspack-builder 4.0.3-tuxcare.3. false_positive \u2014 This CVE concerns @opentelemetry/core (OpenTelemetry JavaScript package), but the target repository is Nuxt (Vue.js framework). The affected component W3CBaggagePropagator is completely absent from this repository. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:864ce210-193e-5f35-a7b8-a77984357e00",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-56326 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:48da4c43-2c28-5425-a303-0ab04b9e30ef",
      "id": "GHSA-4hxc-9384-m385",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dee37158-d32a-5955-ade7-2840787781ef",
      "id": "GHSA-534h-c3cw-v3h9",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-534h-c3cw-v3h9 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fb3bc1f6-ed3c-54db-903f-4533616cc458",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:db685357-ff91-5d0a-907f-6eaa02890d39",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 4.0.3-tuxcare.3 of @nuxt/rspack-builder. not_affected \u2014 The target Nuxt repository uses esbuild as a Node.js dependency via npm/pnpm, not the vulnerable Deno module. The vulnerability (GHSA-gv7w-rqvm-qjhr) is specific to esbuild's Deno distribution (lib/deno/mod.ts) which downloads binaries at runtime without integrity verification. The Node.js distribution (lib/npm/node-install.ts) contains robust SHA-256 integrity checks and is not affected. This ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:79603cf7-2432-58c0-b89f-8931b3caf54d",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c8e2818f-0a03-561f-89ca-289bfbf5e91f",
      "id": "GHSA-q5pr-72pq-83v3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:400b7c7c-f485-590c-88ad-33810bddf0e3",
      "id": "GHSA-rq7w-g337-39qq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-rq7w-g337-39qq affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1ad562bb-89fe-5041-ac64-147a4e6e19a3",
      "id": "GHSA-w5hq-g745-h8pq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ca2a2838-2d5f-58f6-91b3-5ab13b722e8e",
      "id": "GHSA-wr4h-v87w-p3r7",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c0afd3c4-6d0b-523c-9947-e4c75080f0e3",
      "id": "GHSA-x7mm-9vvv-64w8",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 4.0.3-tuxcare.3 of @nuxt/rspack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40nuxt/rspack-builder@4.0.3-tuxcare.3"
    }
  ]
}