{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a125c3b0-263c-50f8-aeb7-221b6e37dabd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3", "type": "library", "name": "@remix-run/cloudflare-workers", "version": "1.19.3", "purl": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6f8b5b13-706d-58dc-a4fc-50d11033a139", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:a99712af-1ad0-5ab3-9981-11a5907b5a02", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:45c2ca6f-7bac-5f62-8095-f84e71f2b6ed", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:ce51d050-390b-5841-9aad-bd04a00e4788", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:2cadc7a4-82cb-587d-98a7-6663381cbb92", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:24b78575-9809-5d74-aceb-d9fd579fc3bf", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:e5a3ff97-509b-583e-a07d-38c5dd084d07", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:e8c7df30-fd10-5253-9e19-2e485e739817", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:9773d6c8-88b1-558f-9a03-05659b14cccc", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:511375b2-5518-54ba-8245-b3ccfec1980c", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:d669a427-c033-589b-bdf8-8698c844d367", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3 of @remix-run/cloudflare-workers." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:51bee818-0eeb-5205-90a1-f7303381519c", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3 of @remix-run/cloudflare-workers. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }, { "bom-ref": "urn:uuid:62c2b042-0eab-54f0-80d9-8d366e0b7a6b", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/cloudflare-workers 1.19.3." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/cloudflare-workers@1.19.3" } ] }