{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:282a0767-9e8c-5ce3-b8e3-a85323163766", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/test-utils@3.2.0", "type": "library", "name": "@nuxt/test-utils", "version": "3.2.0", "purl": "pkg:npm/%40nuxt/test-utils@3.2.0" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:94a58f00-9c41-5fef-b8e3-83a0e6bf542d", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:2f35755e-485c-5187-8210-0440b165a256", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:2db12414-cdf7-5bfb-808a-91490454c45e", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:03295fac-ad5f-5f83-905d-d1eb7afcc5c3", "id": "CVE-2024-34343", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-34343 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:ab82cc2e-28b0-5fa6-939c-263147835ac8", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:9d0391e2-d215-5669-ac0a-2b9d190099f8", "id": "CVE-2024-45812", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45812 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:dfb879a7-73dc-571f-b04a-4454365fe45b", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:b650e0b5-c69e-5914-8484-7564fa30bd9b", "id": "CVE-2025-24361", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24361 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:1ac7a095-bef8-574e-90d4-72c9f1e3413f", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:7a4edbda-06dc-5325-90ac-d099403a5ad3", "id": "CVE-2025-30208", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-30208 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:56364574-09be-57fa-9736-222855d5963c", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:aa089b5f-952c-5b8f-b2c0-a54a4d8574db", "id": "CVE-2025-31486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31486 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:fe634d18-3a8b-574f-a9cf-f30b2e6d4ea5", "id": "CVE-2025-32395", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32395 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:acce0087-a7e5-5e3c-a95d-e0ddc96d427a", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:8ec2c0b6-f466-538b-8967-352e6b4a8ed3", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:6a0c00fb-5139-5b64-b243-ddfe1a9bdd96", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:6ea16b34-8f78-53f2-88b1-dc81507c90f9", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:a3320b70-1e2d-5cf3-8cce-f163ab2857e3", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:c600fabf-1abc-5f39-b004-47ff751d1c43", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:df0f071b-b019-59a4-a77d-5ec2990cabdf", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:65277a17-2c11-5632-ac44-debb8fc728f5", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:cbd0a191-7ba5-56a0-9094-58bf3b73c4b2", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:f4f7d2d4-071b-5e6e-b52b-7355cc9f5000", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:38a7b070-d3ac-5975-9cb9-493697553ddd", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:99a95f3e-86d4-52d4-8c41-19663ff7f4a9", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:57c0e5e9-7971-55ec-9cc0-cc0406c9a0a5", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:aa6fe484-8a79-581b-b0da-233f01bf21cd", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:d9f90b02-8f6c-5e27-b326-2fe6c1564cde", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:e8241bbe-14a1-5a5c-a9c6-8bf26c04eda9", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:d3fa5100-f9f1-52fa-9ba7-5f9457dd6a1f", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:5a3873b6-c2b2-5e57-8e91-857eeffb09ef", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:1caf161b-a2c6-59b3-bf7c-812f1ba349f0", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/test-utils 3.2.0. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm library (IPv6/IPv4 address parsing), but this repository is Nuxt v3.2.0-tuxcare.1 (a Vue.js meta-framework). The affected component is not present in this repository as a vendored copy, dependency, or in any other form. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:1547f8c3-356a-51ec-9a39-fcfd1d87346d", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:18d95ef8-bc55-5e8c-8fff-6ce42ef7e18f", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:4a5bce67-4cbe-5f00-8153-ee46229ab4c5", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:3a1b67d0-587b-5b62-a903-3ea22b7218a5", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:685adff2-b5f8-5fa1-b6b9-3287a75ff797", "id": "CVE-2026-47200", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-47200 does not affect version 3.2.0 of @nuxt/test-utils. not_affected \u2014 Nuxt version 3.2.0 does not contain the server-only pages feature that is the prerequisite for CVE-2026-47200. The vulnerable code pattern (`.server.vue` pages rendered as islands via `/__nuxt_island/page_*` endpoint) was introduced in Nuxt v3.11.0, which is 2,059 commits after v3.2.0. The target version predates the feature by multiple major versions." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:264830f0-deb5-5c06-89fa-77e360d7438f", "id": "CVE-2026-53571", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-53571 does not affect version 3.2.0 of @nuxt/test-utils. not_affected \u2014 The CVE-2026-53571 vulnerability exists in Vite's dev server file serving logic, specifically in how it handles Windows NTFS Alternate Data Streams (ADS) and 8.3 short filename bypasses of the fs.deny protection. The target repository is Nuxt 3.2.0-tuxcare.1, which depends on Vite 4.1.1 as a declared npm dependency. However, Vite's source code (including the vulnerable file serving implementati..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:d49d955b-c072-5b3a-9933-c913e6631a66", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:cd730cf2-05c2-5a8f-9c12-6eccf4594438", "id": "CVE-2026-56326", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-56326 does not affect version 3.2.0 of @nuxt/test-utils. not_affected \u2014 Version 3.2.0 does not contain the vulnerable code pattern. The vulnerability exists in the encodeURL() function which was introduced on June 26, 2024, over a year after version 3.2.0 (released February 9, 2023). The target uses a simpler redirect architecture without the vulnerable encodeURL() function." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:fa3b305c-e9b5-5e0b-8fbf-739d2333552e", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:b40db0b9-4d90-5fbb-9ee2-48ea3ccf8d88", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:553924df-3a8d-520d-b40e-e55c909317c7", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 does not affect version 3.2.0 of @nuxt/test-utils. not_affected \u2014 Target repository Nuxt version 3.2.0 is NOT affected by GHSA-c9cv-mq2m-ppp3. All three vulnerability sinks described in the CVE (SSR open redirect via path-normalization, script execution via navigateTo open option, and protocol-relative bypass in reloadNuxtApp) require code features that were introduced AFTER version 3.2.0. The vulnerable encodeURL function with WHATWG URL parsing was added in..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:e1ba8fe0-c6b9-579b-b516-2b9670085598", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.2.0 of @nuxt/test-utils. not_affected \u2014 Version 3.2.0 is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerable innerHTML pattern was introduced in v3.16.0 (March 2025), two years after this version. The target uses noscript.children instead of the vulnerable noscript.innerHTML assignment." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:7dfb6bae-1ff5-5f25-b646-582f92fe1ff4", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:577c11bd-23b4-590e-a988-139c6a72624e", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:f50fcdd6-d49b-5f33-9de6-def81e47b1a7", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }, { "bom-ref": "urn:uuid:e882d4b3-129a-55cf-9bc5-dc1a7a250c49", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.2.0 of @nuxt/test-utils." }, "affects": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/test-utils@3.2.0" } ] }