{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1629a5d8-23ec-5cc3-8538-ae4bc18bd0e1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1", "type": "library", "name": "@remix-run/vercel", "version": "1.19.3-tuxcare.1", "purl": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:263e2713-1c6a-5608-8775-410add9f79fe", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66ad0114-c8e8-551b-9b4b-cce771d12bb8", "id": "CVE-2025-32014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03860efa-2298-5996-b4da-25a4b4b6f5dc", "id": "CVE-2025-46565", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:157e23b1-d8f0-50a3-9820-a4b35ef2502b", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ca53732-40eb-5dea-a1f1-1a1f525c00cf", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7e2e5d5-341b-5312-b475-ee0a05959b60", "id": "CVE-2025-59057", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-59057 is fixed in version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b043254c-a40b-5178-955c-8c7a43cd7857", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e61d25b-21f8-58fb-9a9a-70bfa5da9804", "id": "CVE-2026-22030", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d379ae25-1b3f-5724-a22a-f9b2bd6265c0", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15fb2215-4d1e-5312-8d3e-a5a984cce306", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8246333-f0c7-594d-8c14-59cb3341116d", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49572cd0-c1fd-54d6-a7b6-1767a77c189d", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3-tuxcare.1 of @remix-run/vercel." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79d95f04-69d3-5c3c-acbc-5c811d27356f", "id": "GHSA-g7r4-m6w7-qqqr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3-tuxcare.1 of @remix-run/vercel. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c48bfaab-356b-585e-a7f6-744308054ce2", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @remix-run/vercel 1.19.3-tuxcare.1." }, "affects": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40remix-run/vercel@1.19.3-tuxcare.1" } ] }