{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:d82e3f31-73f0-5766-9aba-9fc1c0f98346",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2",
      "type": "library",
      "name": "@nuxt/webpack-builder",
      "version": "4.0.3-tuxcare.2",
      "purl": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:a62fe471-c9ad-54f6-925e-25f3116a0cef",
      "id": "CVE-2022-21670",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-21670 is fixed in version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d269b9be-fdaa-5631-ab6a-36d43062f4c7",
      "id": "CVE-2022-25852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-25852 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:67400d8f-6681-5c5a-a0f3-ec8acaccd2d4",
      "id": "CVE-2025-59414",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-59414 is fixed in version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3f7045f1-fcfc-5890-9f7b-76025cc237d1",
      "id": "CVE-2026-25128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25128 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:57fbbea9-eb57-556a-98da-e43e5d4ae82d",
      "id": "CVE-2026-32887",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32887 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:164e5ebd-1c87-5bad-aeb2-c85a8049c0ed",
      "id": "CVE-2026-33128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33128 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d4b565d5-0704-5dd9-9041-5f659b0cdaf9",
      "id": "CVE-2026-33129",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33129 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:db14d59f-55b9-59b6-98e9-142873854882",
      "id": "CVE-2026-33131",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33131 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b11ee8f-80b8-59ec-9130-75f7c581e491",
      "id": "CVE-2026-33490",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33490 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0c7d0745-1dc5-5dfc-9d86-17c781140983",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:61b2cbbc-a029-58ea-9ef1-185b27fe1cb1",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0a3c90d0-5332-59f5-bce3-8fad315c9023",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7f79ef58-9496-5c52-a929-0cae3d72ec12",
      "id": "CVE-2026-39406",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39406 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8cd16a21-b025-5cd9-8e85-76ef56847a04",
      "id": "CVE-2026-41305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41305 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bc37dfe2-08b8-5265-988a-81a9eaa61592",
      "id": "CVE-2026-42338",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-42338 is a false positive for @nuxt/webpack-builder 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm package, but this repository is the 'nuxt' framework. The affected component (ip-address library) is completely absent from the repository - not as the project itself, not as vendored/bundled code, and not as a declared dependency. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:96bcb516-8fc5-5cb6-8f1c-394a2484238e",
      "id": "CVE-2026-44372",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44372 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3f4ee242-3338-541e-a8c8-e9cc81bad0e5",
      "id": "CVE-2026-44373",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44373 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5a103c12-f854-5832-ad6b-51f2ac9b1d01",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45669 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:96329a93-da9d-5a75-bf4b-0cdfcd95c395",
      "id": "CVE-2026-45670",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45670 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4b523af0-6a6d-5906-be5f-1f7638dabc96",
      "id": "CVE-2026-45736",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-45736 is a false positive for @nuxt/webpack-builder 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-45736 is a wrong-project match. The advisory concerns the 'ws' WebSocket library for Node.js, but the target repository is Nuxt.js framework. The ws library's source code (specifically lib/sender.js containing the vulnerable WebSocket close implementation) does not exist anywhere in this repository. While ws appears as a transitive dependency in pnpm-lock.yaml, no ws source code is pre..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e0b1064-076f-50fa-9405-52b0ca16a3d3",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46342 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6315f008-4879-584c-a589-70de58fb4dc1",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47200 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e36fba6-8921-51d7-be8c-bd328aa342af",
      "id": "CVE-2026-49993",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-49993 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9b8b4746-0b1a-5966-843e-1de07452b06b",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53571 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b23c871-0a00-5e54-b111-3e6eba501708",
      "id": "CVE-2026-53721",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53721 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f837134c-d1ab-54cf-beb4-e7a00a0ab3b8",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ab87d7b9-5e19-5d27-93b5-2737940103cf",
      "id": "CVE-2026-54285",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-54285 is a false positive for @nuxt/webpack-builder 4.0.3-tuxcare.2. false_positive \u2014 This CVE concerns @opentelemetry/core (OpenTelemetry JavaScript package), but the target repository is Nuxt (Vue.js framework). The affected component W3CBaggagePropagator is completely absent from this repository. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:65581bd9-22d0-5692-a411-1b36b69ca137",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-56326 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:638b92d3-8fb5-5ca2-bc4e-5b3604011f83",
      "id": "GHSA-4hxc-9384-m385",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e969e7e4-ae5c-5f7b-ab91-db29360df638",
      "id": "GHSA-534h-c3cw-v3h9",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-534h-c3cw-v3h9 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c89488cd-83a7-5658-a6cd-262754fceb26",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f1d1abe1-22a9-5df9-a8d0-24412253a6f7",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 4.0.3-tuxcare.2 of @nuxt/webpack-builder. not_affected \u2014 The target Nuxt repository uses esbuild as a Node.js dependency via npm/pnpm, not the vulnerable Deno module. The vulnerability (GHSA-gv7w-rqvm-qjhr) is specific to esbuild's Deno distribution (lib/deno/mod.ts) which downloads binaries at runtime without integrity verification. The Node.js distribution (lib/npm/node-install.ts) contains robust SHA-256 integrity checks and is not affected. This ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2e6aac3f-9556-58c8-990b-97345c9abd6a",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:19d9f577-4151-509e-ab72-7f496c8d200b",
      "id": "GHSA-q5pr-72pq-83v3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c5a396a5-0314-590e-b984-7da563b4a4c2",
      "id": "GHSA-rq7w-g337-39qq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-rq7w-g337-39qq affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:08d4c6fb-78ec-5b88-b383-d7435577704a",
      "id": "GHSA-w5hq-g745-h8pq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0e4307d0-bc6c-5900-ab4c-a7e2bd8675d8",
      "id": "GHSA-wr4h-v87w-p3r7",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3fc11902-24a7-56e5-9ecb-692b908fe475",
      "id": "GHSA-x7mm-9vvv-64w8",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 4.0.3-tuxcare.2 of @nuxt/webpack-builder."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40nuxt/webpack-builder@4.0.3-tuxcare.2"
    }
  ]
}