{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1caa8bd0-9e37-5d2c-9a74-ab646df73305", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2", "type": "library", "name": "@vitejs/plugin-legacy", "version": "4.5.5-tuxcare.2", "purl": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:37a1d530-3307-57f0-9f50-c84e5fbdff1a", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9f725373-b6f5-510f-b93b-2b777c2a45e7", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:668a4ba9-7d26-5b4c-9211-53b05f6141a7", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29095782-632e-564e-80ca-9a24e6ec99b8", "id": "CVE-2025-24010", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24010 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:319685f7-7c52-57f4-9c55-5ed9c9aff495", "id": "CVE-2025-30208", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-30208 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52cb9f4c-a355-5537-8eb6-1044123ef562", "id": "CVE-2025-31125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31125 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68973354-c557-58b9-8fc6-f3cdbca7780d", "id": "CVE-2025-31486", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31486 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e29c429-edfb-5bf3-be50-ac822c0c5eb3", "id": "CVE-2025-32395", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-32395 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:119f35fb-b8da-5997-b221-d9a6f3c7c81c", "id": "CVE-2025-46565", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46565 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf3eae5a-3272-5284-b630-a0471df2c0df", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84caa2fa-bd25-5f4e-856c-5e7deba197c3", "id": "CVE-2025-58752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58752 is fixed in version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5cb36e2-a50e-52a1-9663-1467a960d0c6", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:736d9558-bf5e-5411-b151-de65a9f6b204", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8810195-9386-532d-96c5-630f8d1ed42e", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1912c53-5041-5749-8a44-83d9e5a90c79", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27168d5d-a585-5a85-afac-971c5fe3e029", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca283c43-8150-5c26-9ced-cbe5c35f887e", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1081a1bf-d46e-561a-b22e-8903bd8b242e", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d968a69a-314e-5d7f-8ad7-a53c8584166b", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 4.5.5-tuxcare.2. GHSA-gv7w-rqvm-qjhr in esbuild 0.18.20 is withdrawn. Refer to esbuild 0.18.20 for details." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4282e6f4-ecef-58f3-9488-07c18fe3ff27", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 4.5.5-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.2" } ] }