{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4c69d8b3-b4ba-5d6c-b0bf-646abf46f070", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5", "type": "library", "name": "@vitejs/plugin-legacy", "version": "4.5.5", "purl": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:de8db0e0-7330-5862-96f9-b7a92a43f144", "id": "CVE-2024-23331", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23331 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:d1c3ae24-6892-5ab0-bbc9-73aefe0a6221", "id": "CVE-2024-31207", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-31207 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:342f0392-e20a-589a-90af-af71fcac6d86", "id": "CVE-2024-45811", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-45811 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:565a9c23-523e-50e9-b9a6-c8bf26d5ae88", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:1842ac8e-8fdf-5d60-ad04-42d2615968fa", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:191076e1-99ff-53b3-a03b-35bbc45fa4f6", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:afa9595a-f9c7-56a9-b2c3-ee33e385d31e", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:405c3a89-ad37-562d-a2f9-ca4608bedce8", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:6fbe29b6-83d0-587c-9da2-0be49431b642", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 4.5.5 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }, { "bom-ref": "urn:uuid:becaa646-ec12-5688-ac88-88c1fc259c55", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 4.5.5. GHSA-gv7w-rqvm-qjhr in esbuild 0.18.20 is withdrawn. Refer to esbuild 0.18.20 for details." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@4.5.5" } ] }