{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bc556bca-ebd4-5d92-be2d-7c72431d36e3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4", "type": "library", "name": "@vitejs/plugin-legacy", "version": "4.5.5-tuxcare.4", "purl": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:845d78de-6b87-5bf2-8e3d-d8bbe8b76e64", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00107051-2102-5673-a4fd-7cc5d117a404", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7043f55c-467a-55ad-bc9e-725afc6f42da", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85faa1de-fb01-5160-85b0-9a9c52012ded", "id": "CVE-2025-24010", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24010 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dda70a3b-8846-5e2d-99d4-8d8b24bf2a47", "id": "CVE-2025-30208", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-30208 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02630dab-be85-5a77-8957-a5a9dda3eb71", "id": "CVE-2025-31125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31125 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0f33570-885c-57a4-8945-f82049b2e4c3", "id": "CVE-2025-31486", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31486 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22831c34-7fbe-5b7d-a39b-b6622d483179", "id": "CVE-2025-32395", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-32395 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be2ba88a-fbee-57a2-89dc-2017962a7707", "id": "CVE-2025-46565", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46565 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29893f58-176a-550c-9ca9-7f4678c5b6bb", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8cac71cc-01b3-5e00-8cad-036b3d72db8c", "id": "CVE-2025-58752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58752 is fixed in version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48cc5c6c-dc42-5071-9a53-292aee287339", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f1ced6c-6231-5e8d-a1d5-4c03b5d9d9e7", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5314ebe-52d6-50b2-b321-78ee97d23540", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53ee0437-a652-5089-b8c7-d0fea91ccfcb", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6f311985-e17c-588c-87ff-1f2575fbce92", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae93636a-a05a-5e32-b303-af426d62a5f9", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a759f9ca-c141-5cb8-abb3-7e626dce3df8", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:920b2a01-2ff0-5cd2-a648-f687e8ca44db", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 4.5.5-tuxcare.4. GHSA-gv7w-rqvm-qjhr in esbuild 0.18.20 is withdrawn. Refer to esbuild 0.18.20 for details." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a52ad88-7f19-5c63-acf9-7ca0467fb45c", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 4.5.5-tuxcare.4 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5-tuxcare.4" } ] }