{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:58ea1676-50c2-5c89-b7c3-d809a5c14ab7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/css-bundle", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ea05c308-21e4-5c15-b37d-66695f6864ed", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58b21016-02f2-59a3-bd0c-072cc6798811", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83450bc5-0362-54ea-9db5-e982046efc5c", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:339afa7c-8390-53ec-a30a-167c3d99911a", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01c4d6c6-e6d9-5019-b7fd-72ff707a1ea8", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:213b7fdc-d6b7-5741-a620-4698b42deca6", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:715cf7b7-5a5a-581f-9d2b-91032899b79d", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8a94530-bca8-5942-9777-f8c56956d15f", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa7bd757-b029-5b17-a855-3aa9f7a68dfd", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf935ec8-573e-58f4-8d70-5accd0a36eb2", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:255cfa8d-3346-5309-869b-ec8a3e2802ce", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9e5f138-7b60-5f8c-8113-33f54f678ce2", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/css-bundle." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3455918e-c2bf-595e-974d-8d92b55ce1ed", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/css-bundle. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af0ce89b-eeeb-52f6-a121-73bcca81960c", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/css-bundle 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/css-bundle@1.19.3-tuxcare.1" } ] }