{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3ab4a6e5-2e4b-5c8c-8e12-f91c543f6c5a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/testing", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f7fe6848-bd74-52e5-bc44-edab89aa9c1f", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50b02759-ac08-529d-b108-8a701b05cf13", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a2bc175-071e-5ee2-b6d8-da134fff296a", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a724662-4705-55b5-8e28-2b981f7c24ee", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e83ce45-f90f-5ada-910a-fddaf41ae97d", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c63f0847-17cf-5df7-959f-2aa4b23e92bc", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b982a8a-a28f-5e34-9090-8c5494d75d21", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9f9c00d-5c8b-5e8a-a8f1-02c41a7f3ee3", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75b4b0ed-e906-5c94-96b1-337cc6a07a32", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5004c7e-c8ff-5f7c-ba96-c25f0e06e685", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d66e68d0-b895-5c3d-afbc-167e1f5597e6", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:032868ee-9a1d-5ce8-a065-307eb48df6f9", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/testing." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db8c7eab-06d5-57c8-83fd-670f1597e8f5", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/testing. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5757823-2b41-5f12-adb1-2513288ec3df", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/testing 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/testing@1.19.3-tuxcare.1" } ] }