{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:44bd9fe9-85d1-5feb-882f-a23c44d5ca8e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/netlify", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b5a48cb4-a93a-5f5a-a96a-dc2d447bed52", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75a82931-d72f-554a-83ca-cfacca961909", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74a1218a-df96-5911-9888-836dcc88a87d", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35ca007d-47e1-58b8-b133-c42983020a94", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d43d876f-eb3f-55b1-ab54-f6a00ed19f4c", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a9f83a6-ba54-578f-bf2a-ea97afe70cea", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fe949d0-f526-5c33-9bf5-498b5463cf8f", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f99212d4-75ba-577d-a916-ba44d5937a89", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f82a2fde-56e9-5e8c-bf71-b87330c26353", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37cf4d6b-8fdd-56eb-a07b-2c1b8605af2e", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9907d7c9-231a-5b3c-99d1-6c834bf061f7", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d155400-52c6-5357-8a22-796cd2b30e19", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/netlify." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b0fb96b-c80e-54f5-a0b0-1aa87a16688d", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/netlify. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fb07c7a-783e-51b5-ae11-15aade68117d", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/netlify 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/netlify@1.19.3-tuxcare.1" } ] }