{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9929e8f9-9278-55ab-bdc8-2b6d47a7c2cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4", "type": "library", "name": "@nuxt/webpack-builder", "version": "3.12.4", "purl": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d2270d03-ec21-5f99-83ed-b5029c354878", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:976d17d4-fb79-54ac-900b-30f776f39258", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:f16d4643-c781-59c2-88dd-b30b9f64d781", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:55ab522c-6885-5b26-b54e-dabe2081d117", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:f930d31b-cc21-595e-acd9-ebefe1b9290f", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:c737df35-a6c3-5ada-93ad-01d8f6d36cf4", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:3666aa7f-15dd-5f09-bd8b-67c92c8e5c13", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:430809df-3f41-5692-a173-01aa78fb725b", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:3a339a26-8c8f-5aa8-9536-5efaaeeb443a", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:b4a1b253-eae2-5458-974d-bc50ec0369c3", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:44ebb12c-4670-5c8e-b21c-516816f32a80", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:bdba264c-2f5c-556f-b8ec-1e90e782b728", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:5d388f6c-bea6-52eb-93f7-433c54b110e9", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:aaa498be-a02e-5731-be7c-691baeb192c5", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:846b13b1-46ff-5aa7-a430-7530cf42c472", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:c1d92fdd-a82e-53ba-aec9-40bb786e10f3", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:a7fbd0c7-7653-570e-8a56-879306dffe7e", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:868b1613-f656-5283-82e0-ffad1fbe520e", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:e8ebfac9-75ea-518e-8e78-e1fbdbe61705", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:19cc7bee-d568-5c77-82aa-4c23becc4f1b", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:21fb9d02-7e77-58c9-927a-729c1014b054", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:e007538c-eb3e-5bc9-8bc0-337ebcc11750", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/webpack-builder 3.12.4. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:92a0a90e-1806-5187-b1cf-e6d632c70882", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:edc86cca-4dc7-5be0-b58e-2786a482d345", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:3973f6af-6f3f-5029-9e28-773e3ec971f0", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:2a2a9cb6-ab82-5f6e-bbab-c006e99be6a5", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:bcabfee1-6d43-52d3-8bc2-30e9dbff8d56", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:abd37014-cf64-5634-ba42-3fd5b5e5d064", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:3ba5bacc-181d-55ea-a42f-5ef991268903", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:295dd498-2759-5696-8e22-ec7ee9109110", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:abc272ca-b207-5578-9222-037229b3b800", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:75310892-6a32-5fee-b346-dabd13f8c4ed", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:e0d92877-f1ba-5067-b50f-bbdacda76531", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:dd86285f-1d4d-59d8-b1d5-8a4a36d05db4", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:b3e477f7-45f9-51d0-82b2-0b14ecf96e3c", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4 of @nuxt/webpack-builder. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:6f8896c8-810e-50bf-9072-b3a018bf9e72", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4 of @nuxt/webpack-builder. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:b3f890e4-4f75-565d-ad1f-3c75e35977ba", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:c51e5b97-84a5-5c97-9f4a-71bc87b10b11", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:568110d8-0f8e-5e03-bf3a-b2e291aa18cb", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }, { "bom-ref": "urn:uuid:f1690512-2a34-5cff-ac98-053d4930661f", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4 of @nuxt/webpack-builder." }, "affects": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40nuxt/webpack-builder@3.12.4" } ] }