{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60eb36b1-007d-5330-9f93-a5e184241e46", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2", "type": "library", "name": "@vitejs/plugin-legacy", "version": "5.4.14-tuxcare.2", "purl": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:88297920-6409-554a-a940-1a0e2f4f2df0", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a110a116-17ae-5035-88be-9190423a4560", "id": "CVE-2025-30208", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-30208 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9111909-dbf0-572a-8bd9-04de91505a64", "id": "CVE-2025-31125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31125 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90fd5627-a559-5934-bdb1-02ea17376425", "id": "CVE-2025-31486", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31486 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6efe75d-8335-518c-8607-bead6a63259f", "id": "CVE-2025-32395", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-32395 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d8e6f25-a59c-5e39-9b5d-08d0943259c5", "id": "CVE-2025-46565", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46565 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90b56ab6-d230-569b-a6cc-9992f2603753", "id": "CVE-2025-58751", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58751 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5765ab2b-543c-5cf2-aaff-3d89971ce555", "id": "CVE-2025-58752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58752 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a03e144b-67fc-55b9-9e89-467016223791", "id": "CVE-2025-62522", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-62522 is fixed in version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ec47a30-7dca-5f5c-bd5b-35d4ff9bb9f0", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4c69e47-20b9-532f-97e0-20cfc5e5f311", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc21a9e2-1e86-5c7d-99af-fa99989f3933", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15c06d62-da52-501d-973d-af314a2fddc2", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b18a5315-39ba-51db-9966-5a247a18024e", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:024daad5-9663-5247-a9e7-924997e9932d", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc9315b8-3957-5ce4-aab1-0cdd6fb14c18", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 5.4.14-tuxcare.2. false_positive \u2014 GHSA-gv7w-rqvm-qjhr concerns esbuild's Deno module (lib/deno/mod.ts) which is not present in this Vite repository. Vite uses esbuild as an npm package dependency, which uses the secure Node.js distribution (lib/npm/node-install.ts) that includes SHA-256 integrity verification. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:396a5983-9400-58de-bc4d-724b80dca825", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 5.4.14-tuxcare.2 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14-tuxcare.2" } ] }