{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:92629800-af11-56e5-9c7d-8d6644d86a51", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/express", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6bc78618-8595-5dc0-9603-1535952ea68f", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20be4f48-8508-5d4a-a332-d9cd59f16bd1", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c5fae23-8d96-56f1-a39e-188d4b2ff95e", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b69ead5-46ae-5951-8fe3-29fe1effd646", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d58dbe4-2946-58a0-b6b9-c66a748e6985", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e47cf68b-a56b-55c2-a8b8-e31f9dab4d40", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca1d4e90-3bfc-5fc3-a208-5f7f30284054", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:605d05c9-70f3-5914-9ec0-62ad472de727", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb2b42be-12ef-5ff2-94f9-e2b97166b2cf", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddb11198-2f1b-5ead-a9d2-79f23dcae72a", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5a5f610-0feb-50ec-b5bd-dcff809e67b2", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1948e5ad-5e3e-56df-9415-54f537aedc61", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/express." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c82fdf49-d6d5-5114-9b75-9d10b97e633d", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/express. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97d1f611-45f8-5b0d-99fb-979cbb913f6f", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/express 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/express@1.19.3-tuxcare.1" } ] }