{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de60cd4a-66e3-5e3b-b985-a4f578bf7069", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/nuxt@3.12.4-tuxcare.4", "type": "library", "name": "nuxt", "version": "3.12.4-tuxcare.4", "purl": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6c3734ad-4074-52f2-9513-c012c5bea3b6", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd54c8b9-c0f2-5fa3-a501-44350380cca9", "id": "CVE-2025-24360", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24360 is fixed in version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18f8646a-5236-553b-95a0-b8164e0e9827", "id": "CVE-2025-24361", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24361 is fixed in version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35f2d17c-9f27-5b07-af92-29736fc88893", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:80dd80d7-ee0a-598b-aad9-c2974d754a6a", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0f9f2cbf-77bd-5c55-b03c-c63f45230f93", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:375a0cb2-550e-599e-9f3f-66061dad85a8", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a931680f-050e-59f0-bbad-4b8c92c9a0e3", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ccb4958-1156-5c53-931e-92792f481291", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bae62776-e2b8-52f2-b20b-d1d4457ec3b7", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9f3ec78-bd94-5799-ba3f-13535f6936fa", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c0bc34b-3b34-5e21-887f-635211d37b35", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:664ee27c-def4-5a58-ad82-ae991724928a", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c1cf89e-21a1-501a-8455-90e067e5b6dc", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6029a1e7-c801-56dd-b4b6-42522f19f43e", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e70fbf6-5bb4-569e-b828-d170919cb828", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0749e21a-546b-5edf-afb2-c21a07b8358f", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b1d5026-84bf-5664-a358-1382cbca61ac", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bfde0c71-1658-529c-ac1f-26d687e305b9", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:016e97db-d49c-528a-9894-5cd19ecf5d2c", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:665ab588-5418-5dd3-9807-a15e9db6c9cf", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45d08fd5-84d2-5c53-b05e-8e744c4e8b6e", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d77c7aa4-9f09-54c6-a814-6f846c0dc9f6", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b0960de-f94c-5ffd-a2bc-c6d97c0df45a", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for nuxt 3.12.4-tuxcare.4. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:201f4731-a7f4-5e45-ba22-a98ebefd265f", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7edc187-0dc0-50ee-a446-b2ca3f5a6423", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35883d73-9cae-5dad-8b97-6052455f3a22", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5529c9b8-887a-5853-90b3-05a9be6522d8", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:847cfa9c-2881-51cf-8d4e-92be8e304e92", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64c393a5-517e-5b68-8508-8731e0240afe", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a777500-0f54-588f-9649-da33707796a1", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b7082bd-ae52-5b07-8079-1bd8bce77eef", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a8af597-cfe0-5246-9127-4d63bb5bd505", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49e86639-431c-5826-94d7-c68234ea3cd1", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce091dcb-48fe-575c-abf9-ab604773bb6b", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e6df0d5-0ac6-54e6-91a9-460ba2467225", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbe389a9-21d0-5698-b32f-5499f865e453", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4-tuxcare.4 of nuxt. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c5ccb04-98da-5f69-a084-417c6c30cf8a", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4-tuxcare.4 of nuxt. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ebf6a65-4b89-51b9-b927-84607e1dd57c", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e55d2d6d-faea-5305-82da-156c3a1f46cb", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a929d41b-8170-5ee3-b6e1-8fa3af58abf5", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2f3cc55-ab97-5693-bf18-a58a598f0095", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4-tuxcare.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/nuxt@3.12.4-tuxcare.4" } ] }