{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:372a4213-3ddf-52fa-91fc-05b6bb1a6e6e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1", "type": "library", "name": "@nuxt/schema", "version": "3.12.3-tuxcare.1", "purl": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4408febd-b3ad-5c96-9487-c98d4d1d9b58", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f1a722e-db14-5a44-81f5-4b83dc923a7f", "id": "CVE-2024-34343", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34343 is fixed in version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b69f7cbe-aab2-5673-8231-0332a0ba8057", "id": "CVE-2024-34344", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-34344 is fixed in version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea0b0a8d-812f-5a3a-adf1-bd324b864984", "id": "CVE-2025-24360", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24360 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0fe69fa-895f-51fe-9a97-6fb429203b89", "id": "CVE-2025-24361", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24361 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f06095c2-c8fc-54ce-b116-0fb0c0986494", "id": "CVE-2025-27415", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-27415 is fixed in version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:047fdbf0-2187-5f19-a9b1-668c57cca123", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d772aedb-f2bc-55f8-a3ae-70ef1451154d", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:699e7c5e-cd3b-5b4e-ae25-5d3e9bbc49a3", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:542399be-0adc-5d8c-8976-fb12b6fc0d08", "id": "CVE-2025-59414", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59414 is fixed in version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6724459f-a53c-5dd7-9a03-6fe8971741cb", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1777e8e0-375e-55b8-a535-9f8f3d5e1d1d", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:852b8ead-a704-56d9-a400-efc54e8ed108", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cec53889-b255-57b1-9235-57cb50d84bb0", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1420f364-15db-53d0-b637-c27af0efb603", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37cdcbce-483a-5bdb-b0d7-433526db0df0", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0be6e372-0535-528a-a936-f51de6e5b810", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a7df1e1-13e5-5489-809a-6de3ad75fa63", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7cc84e4b-6660-5406-9ec5-6f5ec74263b1", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bf2dd5b-a5c4-5e06-8576-a34b55e1e6d7", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ea154f0-fec9-569c-86fe-b522b3c7718d", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81489be8-5299-5a2a-a2c0-91cf776e7454", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5fc5f761-c8df-5286-8be1-0349d20b2057", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42ce228f-f76e-541b-bc00-f776b1e1cc20", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af865e18-092e-5fb9-9dc2-39acf2569b5e", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3adbcbdd-4b10-51b5-ab22-6156d226a2c5", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/schema 3.12.3-tuxcare.1. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm library (XSS in Address6 class methods), but this repository is 'nuxt' (a Vue.js framework). The affected component is completely absent from this repository - not as the project itself, not vendored/bundled, and not as any dependency." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bd95d7d-e5e8-5010-b3a0-79d72e13eb2f", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38febc3d-0bf3-54af-900e-e834236e56af", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef4c8a62-ee28-5cb1-802b-42b1153f082d", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6de08813-5d78-51aa-abda-3394c93df633", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cb7c1df-9ef7-5fe5-b9df-20bc2e3ddadb", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80b3ce9d-a105-5a33-ab06-49bbd37233c7", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 3.12.3-tuxcare.1 of @nuxt/schema. not_affected \u2014 The vulnerability exists in the external vite dependency (version 5.3.2), not in Nuxt's tracked source code. Nuxt configures and wraps Vite's dev server but does not implement the vulnerable file serving logic. The affected code (NTFS ADS path normalization in fs.deny checks) resides in node_modules/vite when installed, not in this repository's source tree." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9a9866c-e394-55e6-8611-f8ec94c878a8", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2c4e19d-1c38-5841-8882-a7dc31d9b327", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5113a506-504f-5c0a-9a00-d63998e88722", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0edca77-b980-520b-9f89-d996c3884f71", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65909f3c-5acf-575f-9cec-bbdf4d349cef", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2b837ed-434f-586a-9b44-ce0e93cfe877", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fd6c858-130d-5f77-8954-9b309d707691", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.3-tuxcare.1 of @nuxt/schema. not_affected \u2014 Nuxt is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability is specific to esbuild's Deno module (lib/deno/mod.ts) which lacks binary integrity verification. Nuxt is a Node.js framework that uses esbuild's Node.js module, which according to the CVE itself includes robust SHA-256 integrity checks via binaryIntegrityCheck() function. The vulnerable Deno code path is not reachable from Nuxt's N..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83239319-652b-5e8f-a54c-155ff6d2ec51", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.3-tuxcare.1 of @nuxt/schema. not_affected \u2014 Target version 3.12.3-tuxcare.2 uses a fundamentally different architecture (unhead v1 with server-side data-passing) that does not contain the vulnerable code pattern. The CVE vulnerability (GHSA-m3q2-p4fw-w38m) involves innerHTML usage in client-side DOM manipulation, which was introduced later in version 3.16.0 with the unhead v2 upgrade (March 2025). Version 3.12.3 predates this architectur..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c00a50e-1682-5892-b14c-78d6c01c84bd", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e1606ac-d128-565d-8fed-ab4fdbca7b68", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba839a05-9a8a-5879-b8c6-298ead0d8954", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:574fe39c-ec0a-5b12-b466-c7b0c95c322b", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.3-tuxcare.1 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.3-tuxcare.1" } ] }