{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d10db4b0-ca7b-5c44-a8f3-4e5f6c6ac219", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2", "type": "library", "name": "@nuxt/schema", "version": "4.0.3-tuxcare.2", "purl": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:05ffd640-7fee-566b-8cdf-78e89a3a1b9a", "id": "CVE-2022-21670", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-21670 is fixed in version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39318de0-ca7a-53d0-b5c6-45df8a2ca3af", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5deb5e6d-e23e-5ea9-ac64-ade18aa3feb5", "id": "CVE-2025-59414", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59414 is fixed in version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e035518-e01a-52e2-9591-4b8faa00ddc7", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db911e9e-f4e1-5402-9525-d83004e253a0", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13fca4ef-ccd5-52a7-95e0-fa0c927a78c8", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12cc566f-6626-5331-a267-c7f76967a462", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a14e0727-fc3c-559e-98a6-4e8e4c0b5b8a", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c195859d-e6f1-53a4-98b3-f8acffc722a7", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:626e3a73-5915-550f-973b-9b09576509ac", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de48667b-89f4-5f31-8e2d-7e58cb6125ac", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7b6f37a-6481-5e91-978d-ef37765ee850", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57fe55ef-acb2-5053-bedd-33d255cb39e8", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32d1e225-bb20-526f-ac11-6513c4bbaea1", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d13bc5eb-2322-5ca7-8d9a-8c87650b5179", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/schema 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm package, but this repository is the 'nuxt' framework. The affected component (ip-address library) is completely absent from the repository - not as the project itself, not as vendored/bundled code, and not as a declared dependency. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14085334-5d51-5afd-acbb-0dd826d82ea8", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1440fed1-70a5-5fd2-b6da-dbf82fae164d", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66b95221-99bc-556d-b115-dc00782109fc", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:728ee89c-893e-52e7-83bf-126136176882", "id": "CVE-2026-45670", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45670 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:595f4763-895a-5529-8a3d-5447058e8f14", "id": "CVE-2026-45736", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-45736 is a false positive for @nuxt/schema 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-45736 is a wrong-project match. The advisory concerns the 'ws' WebSocket library for Node.js, but the target repository is Nuxt.js framework. The ws library's source code (specifically lib/sender.js containing the vulnerable WebSocket close implementation) does not exist anywhere in this repository. While ws appears as a transitive dependency in pnpm-lock.yaml, no ws source code is pre..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3988a9a2-5641-56ca-9b77-3d443f8665a9", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3289527-72cd-58f9-8726-d2665b3bde28", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7049b54d-8c5e-5f69-9202-8b77ccdfe399", "id": "CVE-2026-49993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-49993 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e1ea121-93e8-5b76-a3b2-f5009a1c31f6", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04706d62-f058-5d53-af15-f87ab4c3cd35", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aa3f229-c0a4-5ba3-a76b-65ae6fd24f06", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d01dbb33-26d4-5b6b-931d-d869c295d9d4", "id": "CVE-2026-54285", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-54285 is a false positive for @nuxt/schema 4.0.3-tuxcare.2. false_positive \u2014 This CVE concerns @opentelemetry/core (OpenTelemetry JavaScript package), but the target repository is Nuxt (Vue.js framework). The affected component W3CBaggagePropagator is completely absent from this repository. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:157847bd-04d0-5a32-8d74-b34d58d1a902", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d959ca55-e6e0-5891-a4d5-85a1b4dfa19b", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2df0bf76-0bdf-548a-9aee-140bcd6cbd0b", "id": "GHSA-534h-c3cw-v3h9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-534h-c3cw-v3h9 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:219d09c1-3cb6-5b25-9b05-9cfc461a8cdd", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3799f57-2c18-571c-b772-74d1661d35e9", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 4.0.3-tuxcare.2 of @nuxt/schema. not_affected \u2014 The target Nuxt repository uses esbuild as a Node.js dependency via npm/pnpm, not the vulnerable Deno module. The vulnerability (GHSA-gv7w-rqvm-qjhr) is specific to esbuild's Deno distribution (lib/deno/mod.ts) which downloads binaries at runtime without integrity verification. The Node.js distribution (lib/npm/node-install.ts) contains robust SHA-256 integrity checks and is not affected. This ..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aac91d3e-d05d-5c11-a8e7-0f79e890139e", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:957d51df-db4c-5db6-bdba-cc110e8d9ad1", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a90e51d5-2374-563d-9159-abe5e5a84f54", "id": "GHSA-rq7w-g337-39qq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-rq7w-g337-39qq affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db4aa53b-a903-5653-b260-440e6a9e001f", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74091e37-cb44-516c-9cd9-0d510de5bb8d", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e9d5e69-fd05-5eda-99b5-08f3b14a2056", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 4.0.3-tuxcare.2 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.2" } ] }