{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0e11a6f8-71aa-5fef-9faf-ca037c02273f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2", "type": "library", "name": "@nuxt/schema", "version": "3.12.4-tuxcare.2", "purl": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:092653ec-08f9-5b27-bea4-91553f8e7e8a", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d34a06af-8e95-5621-857a-a97bdce43a38", "id": "CVE-2025-24360", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24360 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:363a17ba-416f-5b2c-9dea-92d25168b6c0", "id": "CVE-2025-24361", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28e6aed9-31de-5628-9f75-4c91dd9a6a2a", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0461c2c6-e6e8-56ea-9220-53b4a682aa15", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4af57d0c-7165-5560-a7a5-aeca37ef8d0d", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8447d8e-f652-511e-bc83-67da1ba8fd46", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45a0bb8e-b3c3-54e7-a2a1-683057bba63b", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0940171a-22e2-539f-999c-e14b8005983b", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ee6e796-88cb-5611-a8e9-98651178addd", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c08c660f-9269-5655-9462-315b96169114", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b3e8b2c-e625-5be1-aabb-6d5013201279", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efdb6d2d-e06e-5f05-93a7-4cbab29dacf5", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03d5b0ab-253a-5388-ae19-8d0ae5f6e274", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0fdf8a03-d9ee-591f-b18b-64a691978318", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc8a6858-a1a2-544f-893f-ba05008bb8ec", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7139f68-ddf6-56cd-ac78-cd3b8f42fca4", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fae9b073-d133-5edd-a129-d851327ceb98", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3116af65-2166-5e93-b19a-559562401aef", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f4b9c40-3918-525d-9639-214728f5d3eb", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:293531c0-101b-5157-9487-8b1bfdb2bcce", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca3bc28c-9fe2-502f-8c4a-babbaa49486a", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70bff391-3530-5030-9bd3-ebdb507764ae", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91311eb1-03d7-5482-8f9a-66b06ca16b59", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/schema 3.12.4-tuxcare.2. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c018eccb-2aae-56ed-8c45-7b0dc5a3bbab", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b92cd11-e396-570c-b15b-b81aa29ea97d", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fbd0571-b5c9-51eb-a1bf-0afe095ff6d6", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:731af26a-1dee-52a6-a04f-aecbb2436d2a", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52c5a828-5843-5c3d-85ec-33befe73514f", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de48f958-65ac-55f7-a061-8aecffa28a5e", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cbfb657-f443-5013-87b0-3d3f42d32ef5", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec6d053e-ea9e-5851-94d7-0f7ddc8c79ac", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94d96af6-69fc-5e58-a216-45c3c3024502", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf12957a-4eb6-544e-8098-620d2fa0fb8b", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c55eef7a-fb50-5765-b4c4-1045d028e68d", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:670a77b9-85de-5c67-b90f-49faa29ac7fe", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fcafb7b-6198-53e3-8e44-ede45fa79a8d", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.2 of @nuxt/schema. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d1e2088-28ca-5940-bb9a-5bea80575819", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.2 of @nuxt/schema. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd639b16-dac2-542c-9597-793c47b29a95", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d75ade58-482c-5a45-a686-9c992ffb8d50", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e34d6769-e93b-5df1-9495-a1ef78dab2bb", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f57c2783-fb5a-59f7-85d2-96353614ded0", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/schema@3.12.4-tuxcare.2" } ] }