{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6a4ca5a0-b468-5984-b46d-5c4f613e9e37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/nuxt@3.12.4-tuxcare.2", "type": "library", "name": "nuxt", "version": "3.12.4-tuxcare.2", "purl": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:982e478f-460f-559a-abec-bcdac684915d", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd8d24cc-19f7-59f6-9e63-73a3a9f1d751", "id": "CVE-2025-24360", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24360 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5c5ddcb-449a-5d25-aa9f-4fe1e8c3b8a9", "id": "CVE-2025-24361", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa202b9f-e401-5b6f-88b0-a769a8b926e2", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0de4165-6ed3-5fce-a1ab-3bbd4c320f38", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:066b57c2-0a51-58a8-95a0-6569eb46d8b2", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13743459-4bfb-5d14-b442-bb2e6a3810b0", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7296e54-c12d-5fe8-9ce6-1fc912b29edd", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5deeebf-7ede-5f0d-b749-49a52bb3fbf5", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5d83018-000e-59ec-9caf-dbf0e1b7ce34", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34c97d89-8d75-5f5a-9faa-96e029630f64", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60c15eab-df2c-5d39-80a8-e79d07515677", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d5a1639-8a2e-5c0c-a012-a6c12b30f2a7", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c786c6be-39c0-54e1-a0c8-4bd2ba12c8f8", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d498fa8b-51b7-5841-88c6-fd02f3f77103", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54e510bd-4f7b-52db-a34e-d4dc4fc4389e", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f689b09-16bd-57b9-9bff-721a295fceeb", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2d39349-c8ac-575c-8ea6-458bb10d8228", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a103423-c705-5c5a-9b64-18986e045150", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b446647-104e-5442-93ca-965c14e1bb6f", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9a569ff-de4c-5312-8ca7-063953ae4235", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06386129-708f-5edd-986f-0ef6bb4d1ee7", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0f0e78f-997d-5ad6-8dad-3a64f3a1be0d", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86f6629f-c4fb-5890-ba50-c97605b259ac", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for nuxt 3.12.4-tuxcare.2. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e53a7be-4451-5f1f-9ba2-a51705e0044c", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edbc1127-295a-5c7c-9efa-79412a5e896c", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ef9fd03-3e49-55d2-89bf-1292dff14be7", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1a96838-8086-5f9c-9055-4eeff8e23e34", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23c1e088-e343-502f-9e98-bd133ac3a54a", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a21aa2ee-be6a-5d22-9855-aaa43a2262ec", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c098b176-57d3-505e-8e77-7e830c2b05f2", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:920a9310-b354-54fa-a015-652d6544c905", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a060655b-2539-51b1-947b-e2dd5a5d279c", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3d4d349-e912-5f37-b19c-f76998a0169d", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c61e57e4-09de-5e9b-8cf0-88818fb4088e", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5740a2a7-e9a6-5beb-a400-dcaea4452428", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3021e96d-97bb-5f12-8419-481929f3828c", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.2 of nuxt. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7815970b-5a2e-5ceb-9a50-48985267ad3f", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.2 of nuxt. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d95e5fce-09f5-56d5-9722-b7f19454e0de", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61280fc6-5743-55e5-8edb-393cd8f9938c", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b77e5b2-bf0c-5e6c-a5cb-ca98b45940c2", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b47a6e19-8c1b-5ba7-acbd-6bc9ae6db3f9", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.2 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.2" } ] }