{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:927af7d7-b21f-5c67-8bc9-2d9ba93c697b",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4",
      "type": "library",
      "name": "@nuxt/webpack-builder",
      "version": "3.12.4-tuxcare.4",
      "purl": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:966fac78-e2d3-50be-aee3-d94d69547924",
      "id": "CVE-2022-25852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3b500d99-9ca3-5842-9d33-39f6e94ad05d",
      "id": "CVE-2025-24360",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24360 is fixed in version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:892e27eb-b2d2-5bcf-8ec6-d12cbeb31262",
      "id": "CVE-2025-24361",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:477e5c7e-4672-5411-bf18-59b2a1f85e35",
      "id": "CVE-2025-27415",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:46163bab-1b5b-5ac2-9ed9-c42ff7766942",
      "id": "CVE-2025-52662",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a579753b-22a3-5fad-a295-00f42563d195",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2e24dba0-0181-5200-991b-c4d4f02c2085",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b605380-12ad-5e86-b900-77878af87bc9",
      "id": "CVE-2025-59414",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b97dffe6-1a5f-50f9-9952-f059f562f38e",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0f2eb677-3bdd-58e4-823e-27907e076712",
      "id": "CVE-2026-25128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ab4b8bf3-0840-5eaa-8d1d-e6378b53ee48",
      "id": "CVE-2026-31860",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e0df7abb-155f-5eeb-a70c-edce7d1a272e",
      "id": "CVE-2026-31873",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5383d006-e1f1-510a-b743-1c1c3fec782d",
      "id": "CVE-2026-32887",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9b9ce3f2-d185-544e-a636-d8f2c621fdb0",
      "id": "CVE-2026-33128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:14736bd4-0732-539a-a6b2-86098b3b279a",
      "id": "CVE-2026-33129",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1c9b133b-49c2-5cfa-b91d-fcff0c424958",
      "id": "CVE-2026-33131",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ea95babb-9e34-5c33-9fec-345c6428fad1",
      "id": "CVE-2026-33490",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa53275c-5eec-5f78-a2a7-c216c912bd76",
      "id": "CVE-2026-39315",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5fcc0fa9-0077-5157-b08e-f7b2a6dd1b19",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:37bfcf89-f50d-5bbb-9fc4-5ac7254096d2",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d5cbfea-daeb-5cb7-a502-c6837324dead",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0b573d2-956a-5f9c-baa2-4e42d7b350b6",
      "id": "CVE-2026-39406",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9298c373-6e64-592a-bd1b-8fbf69b4f91f",
      "id": "CVE-2026-41305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ce4a78d9-cd17-58a5-90a2-2e3ad7d36fa3",
      "id": "CVE-2026-42338",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/webpack-builder 3.12.4-tuxcare.4. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1fa38f70-1209-5398-b5e3-a59f9d00c422",
      "id": "CVE-2026-44372",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e92ea5a-f55b-5579-9498-40b3aa2475ec",
      "id": "CVE-2026-44373",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4b0ebad8-a610-5997-aedd-67c819845dab",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5ac97f0f-f156-59d6-b4b7-981fc7a0650e",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:809f245e-1cff-5a1c-a038-5665105b1550",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:45cda0fb-c886-586d-8a4b-7d60fffbd098",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e47f843b-0d56-5113-b2c0-1703f76d0114",
      "id": "CVE-2026-53721",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f2146bb1-f93e-5734-acd5-13fb4adbc43c",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3fc913cc-9cc9-59e0-9b30-01a848abfbb6",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6187391e-3cc1-543f-906b-97b1941c759b",
      "id": "GHSA-4hxc-9384-m385",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8ba7f134-e1a6-5cf0-b604-068ed0fbea89",
      "id": "GHSA-67mh-4wv8-2f99",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa63adb5-6edb-5a6c-aa2e-d1eb5bb53ce9",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:97954103-803d-537c-8360-4751b795136f",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.4 of @nuxt/webpack-builder. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ff2f12e5-4b12-5ddb-a682-367fab11183c",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.4 of @nuxt/webpack-builder. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2b2b78a-2f90-52ae-acce-4c4f269322df",
      "id": "GHSA-q5pr-72pq-83v3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ceeb48a1-5c54-5635-ad3e-fa105a406660",
      "id": "GHSA-w5hq-g745-h8pq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e1ea331c-4f5f-57d9-b63a-d059e02b54b4",
      "id": "GHSA-wr4h-v87w-p3r7",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ef052fd9-e310-5341-b951-670b2085d999",
      "id": "GHSA-x7mm-9vvv-64w8",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.4 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4-tuxcare.4"
    }
  ]
}