{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56c05f33-2b77-5fb4-be3c-c4acbed5d90d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3", "type": "library", "name": "@nuxt/schema", "version": "4.0.3-tuxcare.3", "purl": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cb1917b8-31d2-53e0-81c6-43e682969520", "id": "CVE-2022-21670", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-21670 is fixed in version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5752be7-0ed2-52e3-a9cb-c3b94b22ea87", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b3f533e-3590-5706-bde0-3ec31e8e05d2", "id": "CVE-2025-59414", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59414 is fixed in version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ad925aa-18ed-5291-84af-3186476a5447", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a6a316c-825a-5325-895b-1e034eb481da", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86e48720-e896-5e39-a810-ba70877347c2", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:015ddebc-f585-521d-b789-fd40a32dc0fb", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3bf35e7-cb19-5b68-8ca7-73b6fb2b881b", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:25441b2d-d663-529c-8925-b758e66f6a0f", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0201d3a8-f102-578e-821b-758740bf3d83", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5aee5cef-0dd5-5c6d-b0ef-6a472905553c", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a342b18-eeb4-54b3-ba8b-6665bfda9309", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33de6d11-4850-5561-b76f-e8bc7cf6b559", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f62402e-ea2c-557c-b154-8492fc39543a", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08243cd7-d1dc-5071-8bf3-593f7cb2a571", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/schema 4.0.3-tuxcare.3. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm package, but this repository is the 'nuxt' framework. The affected component (ip-address library) is completely absent from the repository - not as the project itself, not as vendored/bundled code, and not as a declared dependency. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78db87bb-5ff6-5a20-ad5f-db6a5dc46105", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d16f1b32-3f44-5d39-b696-666f37c1bad4", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:106996ef-b58e-58a4-b867-cc830a932500", "id": "CVE-2026-45669", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-45669 is fixed in version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38823cda-158c-50f6-b4f9-eef6256ac463", "id": "CVE-2026-45670", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45670 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89d18b8d-ee41-50cb-bad4-69e6e735803a", "id": "CVE-2026-45736", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-45736 is a false positive for @nuxt/schema 4.0.3-tuxcare.3. false_positive \u2014 CVE-2026-45736 is a wrong-project match. The advisory concerns the 'ws' WebSocket library for Node.js, but the target repository is Nuxt.js framework. The ws library's source code (specifically lib/sender.js containing the vulnerable WebSocket close implementation) does not exist anywhere in this repository. While ws appears as a transitive dependency in pnpm-lock.yaml, no ws source code is pre..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7923dc3-853e-5f95-af5a-db8b3ebd96be", "id": "CVE-2026-46342", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-46342 is fixed in version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e24554a-7d03-529b-adf6-5fc185eba03c", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad8fe554-2b3a-5fab-902f-33f7ca79f815", "id": "CVE-2026-49993", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-49993 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c08827d-9fac-59ac-9257-42d34359c107", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a69932f2-ab7f-59f2-a29a-26a729593e7d", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5af13d3-0c3d-5a77-933c-a0e8bbba6750", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a49d0b82-0f11-5db0-9b64-da7c5de240ca", "id": "CVE-2026-54285", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-54285 is a false positive for @nuxt/schema 4.0.3-tuxcare.3. false_positive \u2014 This CVE concerns @opentelemetry/core (OpenTelemetry JavaScript package), but the target repository is Nuxt (Vue.js framework). The affected component W3CBaggagePropagator is completely absent from this repository. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d151d74-c31e-515e-9fc2-e0b745a12ba5", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7910409c-dee8-5db8-a3ba-bd3e158a49bd", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:866d2ace-e352-58c3-b8b3-573247fa62fa", "id": "GHSA-534h-c3cw-v3h9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-534h-c3cw-v3h9 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69255fbd-fd8e-5726-bf38-f6e860893b3f", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9699f840-23bf-5a0a-89c9-37996679dc7a", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 4.0.3-tuxcare.3 of @nuxt/schema. not_affected \u2014 The target Nuxt repository uses esbuild as a Node.js dependency via npm/pnpm, not the vulnerable Deno module. The vulnerability (GHSA-gv7w-rqvm-qjhr) is specific to esbuild's Deno distribution (lib/deno/mod.ts) which downloads binaries at runtime without integrity verification. The Node.js distribution (lib/npm/node-install.ts) contains robust SHA-256 integrity checks and is not affected. This ..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c72d0060-a92d-5283-ac73-13e40cf3a1e4", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e146c0a-f3c8-54b3-8875-7a0fa3d68a46", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0747b9d-3d74-5c8c-a02c-3d64427a33ab", "id": "GHSA-rq7w-g337-39qq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-rq7w-g337-39qq affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40be7ba5-6ed4-5b4e-90c1-d05a8cb08c07", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6315e5f-ee79-5265-b7fe-45f26c05953e", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44fdf972-b42c-5fdf-b90d-0bb38559866e", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 4.0.3-tuxcare.3 of @nuxt/schema." }, "affects": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/schema@4.0.3-tuxcare.3" } ] }