{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:4eed1308-17cb-5889-ab78-9f92044358fd",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/nuxt@1.4.5",
      "type": "library",
      "name": "nuxt",
      "version": "1.4.5",
      "purl": "pkg:npm/nuxt@1.4.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:90913ad8-4064-51d2-9e8a-e081196d4dbe",
      "id": "CVE-2024-29180",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-29180 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:822ee9c4-c2bb-5946-be57-d6f704b3f1d7",
      "id": "CVE-2024-9506",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-9506 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e45e6b5-f5ce-5764-9119-b985b5722fdc",
      "id": "CVE-2025-68458",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-68458 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:87fdae08-7f9e-5736-b9d8-46dd637bb2d4",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45669 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:75d2396a-1a2d-5746-9836-c1c48b85c6b1",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46342 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:392b44d3-7497-54a3-bec2-23eb11e92b04",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-47200 does not affect version 1.4.5 of nuxt. not_affected \u2014 Target repository (Nuxt 1.4.5) does not contain the vulnerable component islands feature. The vulnerability (CVE-2026-47200) is specific to Nuxt 3.x/4.x with experimental.componentIslands enabled, which was introduced ~4 years after this version. The /__nuxt_island/ endpoint pattern and associated island context handling do not exist in the target's architecture."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:26bd101e-9f38-5784-ad1a-256bf3eee44b",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0fecd551-47d8-59f3-9cca-7dbd23728313",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-56326 does not affect version 1.4.5 of nuxt. not_affected \u2014 Nuxt 1.4.5 is not affected by CVE-2026-56326. This CVE targets the path-normalization vulnerability in the navigateTo composable (Nuxt 3.x/4.x), which does not exist in Nuxt 1.4.5's architecture. The vulnerability requires URL constructor normalization that transforms /..//evil.com into //evil.com before output, enabling protocol-relative URL redirects. Nuxt 1.4.5 uses a redirect helper with st..."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:33cbdc7a-bd9c-5f64-9e61-9a01088432d4",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 does not affect version 1.4.5 of nuxt. not_affected \u2014 The target repository (Nuxt 1.4.5) is not affected by GHSA-c9cv-mq2m-ppp3. The three vulnerabilities described in this advisory target APIs (navigateTo and reloadNuxtApp) that were introduced in Nuxt 3.x and do not exist in version 1.4.5. The target uses a fundamentally different navigation architecture that does not exhibit the vulnerable path-normalization behavior present in Nuxt 3.x/4.x."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d24ef5d9-1435-5917-9213-3ea76a37edec",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 1.4.5 of nuxt. not_affected \u2014 Nuxt 1.4.5 does not contain the vulnerable <NoScript> component. The vulnerability (GHSA-m3q2-p4fw-w38m) affects the <NoScript> component from @unhead/vue introduced in Nuxt 3.x. Version 1.4.5 uses a fundamentally different architecture (vue-meta library with config-based head management) that predates the vulnerable component by several years."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b305399d-62ea-5610-b912-deb313fce6e7",
      "id": "GHSA-pgr8-jg6h-8gw6",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-pgr8-jg6h-8gw6 affects version 1.4.5 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@1.4.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/nuxt@1.4.5"
    }
  ]
}