{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c2941d94-2466-5345-aebe-2b9c32257013", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/cloudflare", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7437be6d-86bc-5da9-b3dc-26a4f4b7613b", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51dbd2c3-2edd-54a8-ad57-a3df71d6d292", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84a4b0ea-c122-54c1-a99d-82bca1f953e8", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8be4cd61-173b-52c3-8086-a690be4b2f6c", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3aa1582f-eb09-54ec-b102-832b45d5c9e8", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0354f879-a7ba-58e6-8e8f-9bf82a01cd78", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0ac3f78-e5e9-571f-9b75-59f9b0b9f147", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0566fbc-9603-5f75-9470-66834a6872a9", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65666d7a-1bdf-504a-a4bd-5f23b85abc20", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e245c3ba-e202-5f03-9128-92409082b98d", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:862b2a89-2d04-51b6-be70-149fa8450631", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85e46754-5bbd-59dc-89a7-e3833295b6ab", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/cloudflare." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3832225-c598-5505-9d11-def50b021ea6", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/cloudflare. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a433ec6-41aa-5c5d-9379-25b232952525", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/cloudflare 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/cloudflare@1.19.3-tuxcare.1" } ] }