{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5e2dd0d-15c2-5d85-8482-574686ab0a1d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/nuxt@3.12.4", "type": "library", "name": "nuxt", "version": "3.12.4", "purl": "pkg:npm/nuxt@3.12.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:98b6175c-18be-5b5c-9427-58225eeecd84", "id": "CVE-2022-25852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-25852 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:35760486-79e7-5fdc-adac-93dbfd21d08a", "id": "CVE-2025-27415", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-27415 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:5d490668-571a-5ae1-a537-d6378d8402d5", "id": "CVE-2025-52662", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-52662 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:e7e37e6f-b5dd-525c-8d55-89f746849ce0", "id": "CVE-2025-58751", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58751 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:7df48168-329f-5a86-ab63-314d5710eef0", "id": "CVE-2025-58752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58752 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:d0317595-55ec-5f0c-be8c-6d88f740f14c", "id": "CVE-2025-59414", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59414 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:c43b0f1d-bcc5-5b8a-9e74-0c0d6263f727", "id": "CVE-2025-62522", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-62522 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:5cfb7c7d-369b-5f7f-bebe-4c1d0836c00e", "id": "CVE-2026-25128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25128 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:a3f917e4-88a9-5f1d-9847-070d7559c452", "id": "CVE-2026-31860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31860 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:9e85ee02-15dc-545e-9aa6-b3736c3b424b", "id": "CVE-2026-31873", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-31873 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:28dac8bc-541d-5582-9410-14eec5664443", "id": "CVE-2026-32887", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32887 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:fd7548d0-eaba-586f-8bec-6fad29ef51c5", "id": "CVE-2026-33128", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33128 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:148d29d8-053e-5e19-9ee0-9b08de56fbf6", "id": "CVE-2026-33129", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33129 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:9a2b64a0-c301-5ddd-bc5c-c8ed5241e375", "id": "CVE-2026-33131", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33131 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:f584b09a-4a1c-54a5-ab7d-d9eb9158aee4", "id": "CVE-2026-33490", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33490 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:da076e31-22d2-50f9-b725-a300e91667ee", "id": "CVE-2026-39315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39315 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:d5f06ba6-b120-5a49-b36e-8fe571ca3f54", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:f3234141-6096-5c02-b17b-80f94e9c39fa", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:3ee0b055-e91c-5663-84f5-324cd93ed4b3", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:4c7b3d0f-7af1-57b8-8303-3cf627626797", "id": "CVE-2026-39406", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39406 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:6dbca44b-5ee4-5f2d-b9b2-3595c19c8097", "id": "CVE-2026-41305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41305 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:dcc06820-5204-5f7f-b39c-9006562cacd0", "id": "CVE-2026-42338", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2026-42338 is a false positive for nuxt 3.12.4. false_positive \u2014 CVE-2026-42338 is a false positive match for this repository. The CVE concerns the 'ip-address' npm package (specifically XSS vulnerabilities in the Address6 class), but this repository is 'nuxt' (Nuxt.js web framework version 3.12.4-tuxcare.5). Exhaustive search confirmed that the ip-address package is not present in this repository as the project itself, as a vendored/bundled copy, or as a de..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:4cec427b-2aba-56cd-881e-932d31c02e39", "id": "CVE-2026-44372", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44372 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:8fb57a38-c5d5-5fff-b9c5-6b674238eb6a", "id": "CVE-2026-44373", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44373 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:13fb85ae-93fb-5ebb-903a-2791392eb15a", "id": "CVE-2026-45669", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45669 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:b0c123e9-18d2-58c9-9c56-da3d90fce8f3", "id": "CVE-2026-46342", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46342 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:baf63947-7532-59d1-9a76-1e73f8e8232c", "id": "CVE-2026-47200", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47200 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:dd5436e9-e258-5e17-b649-d2affa468175", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:8582d8fd-3de2-53a5-b439-8d780b478301", "id": "CVE-2026-53721", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53721 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:332d6dfc-e0b0-516a-8656-e48569d9bab6", "id": "CVE-2026-53722", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53722 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:7591d589-cf75-551c-81bf-e23565b8cbe6", "id": "CVE-2026-56326", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-56326 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:83d65a0d-75c5-58c6-a4d0-7512f21ecbd2", "id": "GHSA-4hxc-9384-m385", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:56178947-48af-5fda-97c2-21bfe6d324bb", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:766aae77-6936-51e2-b263-6f2109534c8f", "id": "GHSA-c9cv-mq2m-ppp3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:04b6fbeb-d863-5d54-9f79-2423cdb1cb5b", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 3.12.4 of nuxt. not_affected \u2014 Nuxt.js is not affected by GHSA-gv7w-rqvm-qjhr. The vulnerability exists only in esbuild's Deno module distribution (lib/deno/mod.ts), which lacks SHA-256 integrity verification for downloaded binaries. Nuxt uses esbuild as an npm package dependency for Node.js, which uses a completely different installation path (lib/npm/node-install.ts) that already includes the binaryIntegrityCheck() protect..." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:b8dc390e-3624-5334-bb62-db421a0741ca", "id": "GHSA-m3q2-p4fw-w38m", "analysis": { "state": "not_affected", "detail": "Vulnerability GHSA-m3q2-p4fw-w38m does not affect version 3.12.4 of nuxt. not_affected \u2014 Target version (nuxt@3.12.4-tuxcare.5) is NOT affected by GHSA-m3q2-p4fw-w38m. The vulnerability was introduced 1754 commits AFTER v3.12.4 when Nuxt upgraded from unhead v1 to v2 in v3.16.0. The target uses a fundamentally different, older implementation that does not contain the vulnerable innerHTML pattern." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:be385c3a-a0f7-5f86-8ab3-fac07ed56fe3", "id": "GHSA-q5pr-72pq-83v3", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:2c51657b-17cb-5ff5-9af3-906fb69db0a9", "id": "GHSA-w5hq-g745-h8pq", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:cda67c42-49ed-53f5-a3e0-f866fa7522f0", "id": "GHSA-wr4h-v87w-p3r7", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }, { "bom-ref": "urn:uuid:dfd05210-0487-5013-a3d4-959741a25332", "id": "GHSA-x7mm-9vvv-64w8", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 3.12.4 of nuxt." }, "affects": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] } ], "dependencies": [ { "ref": "pkg:npm/nuxt@3.12.4" } ] }