{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8bd0342c-f784-5796-881e-f158dc8adfb4",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/create-remix@1.19.3",
      "type": "library",
      "name": "create-remix",
      "version": "1.19.3",
      "purl": "pkg:npm/create-remix@1.19.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:36e4c59d-43e7-5f37-a577-816eb98f45cd",
      "id": "CVE-2025-24010",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-24010 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f2cf7682-53eb-5702-bb29-f9c61be0fd39",
      "id": "CVE-2025-32014",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-32014 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:23409e75-7e57-56d6-b14a-f7243c5aec26",
      "id": "CVE-2025-46565",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-46565 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4d9eb993-eb97-5629-b900-c24ee7b4f1aa",
      "id": "CVE-2025-58751",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58751 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6cebb9c-8ce5-53c3-a0d1-f0d44ad07db8",
      "id": "CVE-2025-58752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-58752 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eb5e6ebd-7d4e-5d58-9f7c-d92746a72c5e",
      "id": "CVE-2025-62522",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-62522 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5750f687-0a84-5bb9-b834-91436142c24c",
      "id": "CVE-2026-22030",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22030 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a36c3c3e-16e0-5825-9d7f-27b2c2f5d2b2",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dc90355a-4d70-515f-bb94-2f9fc3c30d48",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5a57b376-4efd-59cd-a05f-f210e7a0df28",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:37ed3a5c-7f48-55d8-9147-1ccebcb4da34",
      "id": "GHSA-67mh-4wv8-2f99",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 1.19.3 of create-remix."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4bff6238-fab6-58a1-a8b4-f05451fa1f60",
      "id": "GHSA-g7r4-m6w7-qqqr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-g7r4-m6w7-qqqr does not affect version 1.19.3 of create-remix. not_affected \u2014 The target repository (Remix framework v1.19.3-tuxcare.1) is not affected by GHSA-g7r4-m6w7-qqqr. While esbuild v0.17.6 is a declared dependency, Remix does not use esbuild's development server functionality (the .serve() API with servedir) where the path traversal vulnerability exists. Remix uses esbuild exclusively for compilation/bundling and implements its own Express-based HTTP server for ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:db9082a4-5e1b-59f1-9f19-00ead9ced5fa",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for create-remix 1.19.3."
      },
      "affects": [
        {
          "ref": "pkg:npm/create-remix@1.19.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/create-remix@1.19.3"
    }
  ]
}