{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:76ca5be4-7a9c-59b4-bc40-1cc212858061", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/dev", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3214444c-03d0-5332-8767-71f80fe5c8f0", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df89e653-7bc9-5577-b524-75352b39d370", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3af8b4bc-ff18-5de6-bb29-2c07ecdf009f", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2cd1a0c-318f-58be-9bc2-a12cdc41cf5e", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d18b81b-def1-5486-855f-84f9b8832962", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:749e4fb7-f841-5b3c-9a77-af302bbd42c6", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37bbc1b8-d4ed-5b15-a9ff-f277649df447", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbb5c2f1-aa04-5cd1-b426-3588be77bbf5", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7e56916-1780-5afd-9dbf-597ef058f581", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3e573cf-c9d6-5409-b21c-f4ce88f910a8", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:512087ba-10b9-5a21-b40d-a224d7223469", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d093a29c-c96f-5852-bfcb-ac35f62a5f89", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/dev." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68214f7f-2d8a-5876-a143-6814a18553f3", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/dev. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9831950e-4c8a-5c16-8cb1-46f7d54ddc79", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/dev 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/dev@1.19.3-tuxcare.1" } ] }