{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5f69c731-2871-5ce1-8bc0-c72d3b1da925", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2", "type": "library", "name": "@nuxt/webpack-builder", "version": "3.12.4-tuxcare.2", "purl": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7f0e5d81-f9b7-5b55-88d6-cd503bc92d42", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:841e648e-a334-598d-9e20-674c133d60c6", "id": "CVE-2025-24360", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24360 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bbfaab8-8770-525d-af1e-7bbaa033a488", "id": "CVE-2025-24361", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af28fca5-1fba-5db2-b8cb-9d21d71930d5", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2768f2e-6755-5da3-87d3-2097fa0f1300", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d30f45f-7b96-57f2-8a72-594e3cfbd092", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f30a73d9-ea46-5e93-ad7b-9635fff429eb", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d7993fd1-caad-50e7-a708-5bef953e5967", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b649220d-fc08-5cd6-b2f7-2ff892f6c874", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bc231ca-0c98-5f30-ad71-45e953617320", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79e7746a-3b19-5045-ac1a-eafd9689dd83", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1d1e94f-39a4-5287-b7ec-cade1b625948", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21065d61-ca77-5611-963e-cb7b1cd92a2e", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a9dd9d2-90ba-515b-8f1b-5a2d7061ada1", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7346be4a-1aa2-59f1-ac26-881ce57729b3", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d16982ba-7afb-5267-b7ba-24a419e02149", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42cba002-5f62-5fbf-8121-84305eb35939", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ef084c6-6374-5413-82b0-acd758082277", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9c51047-0cc7-5262-ab33-0a04e29e7d9f", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96a662a6-9486-5b2b-871a-a616dff80119", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65c7a85a-91b1-5ecf-a50c-17d4d51d298f", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f802b6-ea75-5bf6-88dc-6bb4fdd57b99", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4ed75d8-55e2-5c12-af58-a93f95b7b390", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d50d8616-cf5a-526c-bd18-47c876c5c889", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/webpack-builder 3.12.4-tuxcare.2. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47b3a7ac-cd01-5725-b494-716136b73ec0", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:401bd3b2-1938-54cc-8381-fb95e9bc2ef6", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7025ed58-ce83-5523-a1c1-13e44b6ff1df", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d44c0136-b25e-5795-b4eb-c07fbbbc0f20", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea640fc9-18ad-5c6f-876e-0666e50d6367", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c078d4fc-2f56-5bcd-bdcb-c0f48b69471a", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d965bb7-2ad0-5111-909e-98330edcd906", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:649b33e0-c91e-51a4-88d3-78d4fe2d73df", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be4e43d6-bd33-5bd3-add5-a90ab80bb41c", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:704cac75-8f73-5b21-8ca1-9f90001f22a6", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ecdf8e5-4d6a-5f99-8036-5d3036413ab8", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b35439df-4e94-5fb9-ac82-53bad61d5ec6", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6dd2dc0-99fb-5e8d-a5d7-322b9b342b80", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.2 of @nuxt/webpack-builder. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0dc85e1-5360-58e7-8632-ed3856077461", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.2 of @nuxt/webpack-builder. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39492754-369d-5340-b74c-11d327af1f98", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8497061-30a2-505a-b521-ecc3bfe130ff", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f2ff72b-2df5-5cba-a14f-0ffd6ca1d39d", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9abe61f7-f3e3-586f-a4c4-2345c1533f2d", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.2 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.2" } ] }