{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b1a0a663-df3f-5392-968f-9b084a4bdeb0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14", "type": "library", "name": "@vitejs/plugin-legacy", "version": "5.4.14", "purl": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:953c9bec-c242-51bb-a3e3-5645aa609828", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:da96ea32-f5bd-5624-ae8e-32af0247d964", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:86c8fe74-6578-51a4-a6cb-cb11a8259adb", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:ed0a7de7-b6fb-5dac-b4de-31f21d27c297", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:94fe56f7-5062-5932-8abf-bd43cf43a8cc", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:c664c7f0-9a56-5e41-a4e2-43222ed48dc4", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:e040d1d6-608e-5fd3-80dc-4b8908bc2ba5", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:cfad6681-32cb-5f43-b095-3a757a78941d", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for @vitejs/plugin-legacy 5.4.14. false_positive \u2014 GHSA-gv7w-rqvm-qjhr concerns esbuild's Deno module (lib/deno/mod.ts) which is not present in this Vite repository. Vite uses esbuild as an npm package dependency, which uses the secure Node.js distribution (lib/npm/node-install.ts) that includes SHA-256 integrity verification. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }, { "bom-ref": "urn:uuid:2baf9a7b-8624-562a-8ea8-07bdaa882ed4", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 5.4.14 of @vitejs/plugin-legacy." }, "affects": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40vitejs/plugin-legacy@5.4.14" } ] }