{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:ddbf4d3e-bdc9-5d69-9efe-2d71bbcbcd0b",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40remix-run/deno@1.19.3",
      "type": "library",
      "name": "@remix-run/deno",
      "version": "1.19.3",
      "purl": "pkg:npm/%40remix-run/deno@1.19.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:8ff35b9a-1248-509d-906f-cbd4f0b7187c",
      "id": "CVE-2025-24010",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f9a08ce2-902a-582b-9b80-e108cf8cb057",
      "id": "CVE-2025-32014",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4b14e9cb-d375-5860-aba4-218648946426",
      "id": "CVE-2025-46565",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:552a14f9-0855-58b1-a2bc-ff7dd93bf364",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6340e2e0-9680-5673-9cd5-10b65495ab3e",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8429a6e9-cc40-57a7-8002-d7eb8e0f9bb0",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3acf9b1e-c168-5c3e-af00-6c8fa06640b6",
      "id": "CVE-2026-22030",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8334c040-5f7e-5400-a68b-8519d3e052d9",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c74e7f86-7297-56a9-ba89-a187aef3fe04",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5cad95db-72e6-5700-8490-b9cede2369d8",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3de2c05d-b3e4-5133-b629-c66188a57daa",
      "id": "GHSA-67mh-4wv8-2f99",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3 of @remix-run/deno."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fab69d68-b4f5-52b6-8038-0cbca27b500e",
      "id": "GHSA-g7r4-m6w7-qqqr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3 of @remix-run/deno. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2fdcc77e-9097-5a83-8803-a4b66ca3b7b7",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/deno 1.19.3."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40remix-run/deno@1.19.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40remix-run/deno@1.19.3"
    }
  ]
}