{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:64763e8d-6dac-58d6-8450-8e82e64d9094", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1", "type": "library", "name": "@vitejs/plugin-legacy", "version": "5.4.14-tuxcare.1", "purl": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5db74a0a-e0d8-572a-a729-75f5fd780923", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ef369e9-ad68-5140-b645-9a2414aee973", "id": "CVE-2025-30208", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-30208 is fixed in version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26a8ccc1-d429-53e2-8fb7-d0931105d869", "id": "CVE-2025-31125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31125 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2d2b47c-f60f-5bf8-a514-3467fdfade61", "id": "CVE-2025-31486", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31486 is fixed in version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94d44005-2567-5532-a081-4da12fae291b", "id": "CVE-2025-32395", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-32395 is fixed in version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f7423f3-2308-563a-8fa6-a47d97c3c3b9", "id": "CVE-2025-46565", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46565 is fixed in version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:977a6371-e5b9-5d90-8492-32d01c3c8763", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:302cab24-7b1b-56c3-9f24-6752f888e4c5", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3ab8514-ae85-59bd-ab9a-078bad54be95", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8589c4ca-a320-50d5-81fe-36538e440b3a", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af78cf70-c0eb-5ade-a826-a1a2d7ebdfee", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4351aa23-0d8a-5811-8526-4a837fd103ea", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:117427ce-9323-5a7c-a739-8c9deca1bf35", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6d51a48-fed4-5c11-9dd8-6d50f1ca5fd5", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6aca5b26-813a-50c9-b59d-c14b54ceaca3", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df8ab973-4e90-5203-b1c6-11b49908633e", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 5.4.14-tuxcare.1. false_positive \u2014 GHSA-gv7w-rqvm-qjhr concerns esbuild's Deno module (lib/deno/mod.ts) which is not present in this Vite repository. Vite uses esbuild as an npm package dependency, which uses the secure Node.js distribution (lib/npm/node-install.ts) that includes SHA-256 integrity verification. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f7e27fb-2e12-5a2d-988c-530f30edf519", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 5.4.14-tuxcare.1 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.1" } ] }