{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:40e39746-a17e-5a94-b7e8-36297936f22e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/architect", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a0462e77-de51-5026-bf32-35f1799fd5d2", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24dfd6a4-694d-54b2-9ba4-5970058f7f9a", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df6298b2-516b-5188-8028-053629fb4409", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd309403-4d69-5e41-943e-381c92b3e1d5", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d5c1a73-f7de-50b9-b148-954a898ba6d7", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19c479c6-d679-5f16-89ad-0628a27f35ea", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99dbe2a0-f1a6-5953-ab25-d073d49f7afe", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e5c3797-cdc9-5b3a-a3a4-8bb1fcbdb36f", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e646e9d-2bee-558e-a709-fc473ddef5cb", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70389957-f1b7-5a22-bce1-5b5f460fec1e", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac5112cb-20ba-50b1-8aa3-4a7589512f09", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44880e9a-e1cf-5d48-b519-b64081ba3d28", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/architect." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c0f1e7c-a756-51b6-b1a1-fe5474402013", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/architect. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3000d71a-7093-5600-9500-8a5527a30e72", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/architect 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/architect@1.19.3-tuxcare.1" } ] }