{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc693ab7-6d67-5a47-8c84-1f2c04d3f4ca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2", "type": "library", "name": "@nuxt/vite-builder", "version": "3.12.4-tuxcare.2", "purl": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:59873f4d-276d-54af-8206-d8c92c3bc197", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76afe385-73c6-55cd-b69f-b865a89745ff", "id": "CVE-2025-24360", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24360 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:186b5709-7079-5322-8eb4-693710f09280", "id": "CVE-2025-24361", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87186cd7-98ee-5006-b306-b6a80f392b91", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a580624-3da3-5070-a2df-e7f0fb334c8c", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f740aa7e-dac9-5b3a-b55a-799d884db00f", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f070d1eb-5da1-5cf8-a269-e62bda2c1cf0", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51a4577e-332c-5644-8062-17682fafad59", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b56fbf00-ebc2-59ac-be42-e287ef6221b2", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd5cef0d-2d9a-5ede-8b67-99bcc7e5f820", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12960598-d571-5c4d-b4ea-efc237b72018", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a4c70cb-11c8-51e5-a230-e95799b551f2", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63202259-ac41-5884-9ec6-cb1e916310df", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12008d34-805d-5f5c-bdfa-b4700df07e5e", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3122cb0-6d81-57dc-869f-cfb7de3cb186", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d15c6614-dedc-533b-8f3a-c0a6af970049", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:153616a7-ef8f-568b-bc06-aaad77e5cb6e", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe968405-a08c-5aab-84cd-89f0d8797f43", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db52524b-e6e2-50cd-b65d-e884772ba4e6", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fad92606-34c0-53e3-a82a-1811b0a9af1a", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fd99d5e-63ae-5fb5-b34a-65174757b554", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d3c5085-5f6e-55c2-b7a6-b60963585ceb", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42d26e26-d263-5a73-96e9-a7fe9145966a", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f1fb1ea-7ed5-594f-bf1c-79ceb176b759", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/vite-builder 3.12.4-tuxcare.2. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf76a195-a1a9-545a-aa34-1b409b3e9842", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c481f605-f226-5061-810f-21ce11eb857c", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d35ee3bc-1fca-511f-9eec-d77b75de38a0", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4424ca7-b2d1-53c9-881a-1376c8b833c7", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ca1cd56-d507-5ed5-8692-32a298acc114", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:995c2e08-a959-5c1e-93a2-2fd71c6420d3", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97c00fa5-83d6-5ce2-acdf-5e6ac81ee62a", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6021881f-ba98-5a74-82d7-a3ee3c8f956b", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14c6fc12-f95c-5948-980c-24e28f8f49c9", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da2c204a-d923-57a9-bf56-6ea8d0ba2c13", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:252af03c-65f6-50c4-90ea-a7d0de345b31", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42ce9679-2250-527d-afa3-7ce496fdd629", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5b5460a-c8ee-5c41-a20b-68e1bd422c61", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.2 of @nuxt/vite-builder. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e568f51c-b999-5f7b-bef6-50b554911673", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.2 of @nuxt/vite-builder. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bb74bed-802b-51f3-9745-ecbad0cbf513", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5fbe673a-056a-5373-b891-c2c4dd27fcb3", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:916f6011-8f60-5a5f-a9e7-ca55bd932744", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10025b4f-abb2-5154-a3c7-9160bd295d75", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.2 of @nuxt/vite-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/vite-builder@3.12.4-tuxcare.2" } ] }