{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:a67571da-00ee-56ba-bb85-aba07b3cb53f",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3",
      "type": "library",
      "name": "@nuxt/webpack-builder",
      "version": "3.12.4-tuxcare.3",
      "purl": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:11296b7a-8dec-50f7-a032-78557356242b",
      "id": "CVE-2022-25852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bba13c9c-e264-5fd9-8797-f8857746ba44",
      "id": "CVE-2025-24360",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24360 is fixed in version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4642d1c1-402b-55bc-b86a-ace387c93450",
      "id": "CVE-2025-24361",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e5815813-0c09-55f0-90ae-6980f4258f59",
      "id": "CVE-2025-27415",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:046447e3-3581-56e0-ac33-26eb8cc09b20",
      "id": "CVE-2025-52662",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:298fe3b4-9ede-50d0-9b38-7537e5b629b3",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2bfa8cc-9708-525d-9525-45954c80f683",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5d299b78-f9de-51e4-8edf-7c18bb626a0b",
      "id": "CVE-2025-59414",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:44ffb69a-96fb-5e5c-ab84-0c8a626e0b1c",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c25ea2ef-45a9-595d-bbd1-e80ecfccf5dc",
      "id": "CVE-2026-25128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:36cca89b-3793-5d75-ad79-a8da5a7894e2",
      "id": "CVE-2026-31860",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:18db36de-fe32-5651-9606-6be3a80a47a0",
      "id": "CVE-2026-31873",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:068a70b4-f078-5ecb-9525-294ba97bbe5d",
      "id": "CVE-2026-32887",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bd224751-3273-53d3-a5e9-64116ecbf844",
      "id": "CVE-2026-33128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2738693f-0390-5ae5-8717-5e6e2b221258",
      "id": "CVE-2026-33129",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6bf69bfc-8c9e-5054-9174-408bee08068c",
      "id": "CVE-2026-33131",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b6098039-9265-52d7-87f9-dd08507a5130",
      "id": "CVE-2026-33490",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:92531404-4a96-56a8-828a-b207f987c5ca",
      "id": "CVE-2026-39315",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6ca15b40-ff21-51b4-84e3-2a2af531be38",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:292080d8-564b-555d-ba89-8a3cff4cd6fe",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f20c422e-ae89-5ca2-b6f7-3b900d95896a",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:489d1e8b-0360-5bd6-a71a-a13145b5d2ac",
      "id": "CVE-2026-39406",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6813cf02-8263-51e0-8490-ae5852f27ec1",
      "id": "CVE-2026-41305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0ea2884-5fe0-5864-8e28-b414efe2d3a1",
      "id": "CVE-2026-42338",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/webpack-builder 3.12.4-tuxcare.3. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:74b80cdf-1a5a-5b63-a882-c76ff185a03c",
      "id": "CVE-2026-44372",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b0c565e2-10ad-5393-9375-d2ecec0a5d34",
      "id": "CVE-2026-44373",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa6a543c-20b7-54b4-b4fc-6c111dc8a094",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:97e76749-62ef-54c8-a5ba-8665afe7ee54",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3341a166-8a6f-5c93-9d6d-247815b8f7bf",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d910f6b8-5f09-5619-98d2-e4f451290549",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b108b39-82a2-5561-8414-4c44647e2396",
      "id": "CVE-2026-53721",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2fbc6b37-8c57-504b-970b-b7009068a145",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1a200cfd-06d4-587f-970a-2faeb86a4c46",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:00f0d47c-8d75-535e-99e1-6928b22a961f",
      "id": "GHSA-4hxc-9384-m385",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:87398472-fec7-5fe4-9d35-c6b25dad12a6",
      "id": "GHSA-67mh-4wv8-2f99",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f8b09f8e-4003-5410-b844-7ffc58442ac8",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4ebb70b0-5283-524f-b2ee-09fcf8347754",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.3 of @nuxt/webpack-builder. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d244541d-1b8c-5343-85b9-da5bc10887d5",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.3 of @nuxt/webpack-builder. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ed032444-4b82-51a1-be40-37cdbda3a15d",
      "id": "GHSA-q5pr-72pq-83v3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a1334824-c1ef-56f8-a102-915d2ba035ef",
      "id": "GHSA-w5hq-g745-h8pq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2a45e372-2c29-54d4-9388-5d64d94f7c56",
      "id": "GHSA-wr4h-v87w-p3r7",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81fbf427-7f20-579a-8d9c-25c39163a882",
      "id": "GHSA-x7mm-9vvv-64w8",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.3 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.3"
    }
  ]
}