{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:3186e790-e32b-54ad-ba3b-6a9a712001b6",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/nuxt@4.0.3-tuxcare.2",
      "type": "library",
      "name": "nuxt",
      "version": "4.0.3-tuxcare.2",
      "purl": "pkg:npm/nuxt@4.0.3-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:d740c57f-fb1a-537a-8909-86b08829e2af",
      "id": "CVE-2022-21670",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-21670 is fixed in version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ddda991b-15e3-5eb6-b060-d15a69c5267f",
      "id": "CVE-2022-25852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-25852 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c2b1d0c0-1307-594b-96e2-42086c978422",
      "id": "CVE-2025-59414",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-59414 is fixed in version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:254e706b-995e-51b0-b163-717d071926ca",
      "id": "CVE-2026-25128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-25128 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c17183f5-051f-55f2-9598-9fd5244a9067",
      "id": "CVE-2026-32887",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32887 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2b44e373-e29a-5210-8098-fd86f3d7e13f",
      "id": "CVE-2026-33128",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33128 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3fa42b22-9a44-5bcb-b743-8f99471f0944",
      "id": "CVE-2026-33129",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33129 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cda30e78-ea64-5ac5-b35c-8c0b104ccfff",
      "id": "CVE-2026-33131",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33131 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b6461538-b20b-5bdc-847a-89fd61a6a62b",
      "id": "CVE-2026-33490",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-33490 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e78ecaad-5239-5d89-8e33-1ed3534afe5b",
      "id": "CVE-2026-39363",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39363 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fcae6c42-200a-509d-9fa1-2a486bc44856",
      "id": "CVE-2026-39364",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39364 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6d7e068a-5fc8-55ac-a382-8c1a817c98bd",
      "id": "CVE-2026-39365",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39365 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:68cf6409-1290-5b6c-9ac9-a1170b2397c5",
      "id": "CVE-2026-39406",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-39406 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c59eb141-bdeb-5d40-8fc6-784b15f53a82",
      "id": "CVE-2026-41305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41305 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81dbe139-bf76-5272-a048-4a459e99df1c",
      "id": "CVE-2026-42338",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-42338 is a false positive for nuxt 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-42338 concerns the 'ip-address' npm package, but this repository is the 'nuxt' framework. The affected component (ip-address library) is completely absent from the repository - not as the project itself, not as vendored/bundled code, and not as a declared dependency. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:94c5b1e7-8bd9-567c-adf4-8ff147c2861b",
      "id": "CVE-2026-44372",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44372 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:51b95b70-86a6-5d4e-aaaf-f6b9273fe614",
      "id": "CVE-2026-44373",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-44373 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7479d16f-0973-5c97-a298-2cdaf53819e5",
      "id": "CVE-2026-45669",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45669 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f4fc33f8-0568-5c0d-b7eb-9d221cf74f8e",
      "id": "CVE-2026-45670",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-45670 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:df701568-3649-5a4a-aaba-32d232a01fc6",
      "id": "CVE-2026-45736",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-45736 is a false positive for nuxt 4.0.3-tuxcare.2. false_positive \u2014 CVE-2026-45736 is a wrong-project match. The advisory concerns the 'ws' WebSocket library for Node.js, but the target repository is Nuxt.js framework. The ws library's source code (specifically lib/sender.js containing the vulnerable WebSocket close implementation) does not exist anywhere in this repository. While ws appears as a transitive dependency in pnpm-lock.yaml, no ws source code is pre..."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3c667d58-3308-5326-ac0a-85cdae6690c0",
      "id": "CVE-2026-46342",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-46342 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:11abaa6c-4e6f-5790-8192-ab922f74e5fb",
      "id": "CVE-2026-47200",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-47200 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:48785030-6d7f-5cda-9d9a-e82d28e1e903",
      "id": "CVE-2026-49993",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-49993 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:493f163f-1008-5ffd-a452-6b0f9c17248f",
      "id": "CVE-2026-53571",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53571 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b7ce8408-c215-5161-8754-0fa1dc4eaee8",
      "id": "CVE-2026-53721",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53721 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f3e0340d-0002-5696-b45e-22aaa9fc09c4",
      "id": "CVE-2026-53722",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-53722 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d3e6f20f-f2d1-5a07-9fde-daa96f3c0823",
      "id": "CVE-2026-54285",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2026-54285 is a false positive for nuxt 4.0.3-tuxcare.2. false_positive \u2014 This CVE concerns @opentelemetry/core (OpenTelemetry JavaScript package), but the target repository is Nuxt (Vue.js framework). The affected component W3CBaggagePropagator is completely absent from this repository. This is a wrong-project match."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f9b630d3-8b5f-5d6f-9dbe-ea0843945823",
      "id": "CVE-2026-56326",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-56326 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6614d490-a495-5c18-bdb9-ad98b4ba8792",
      "id": "GHSA-4hxc-9384-m385",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-4hxc-9384-m385 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f05cb146-3420-5584-93de-68c2567c9f9e",
      "id": "GHSA-534h-c3cw-v3h9",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-534h-c3cw-v3h9 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9b53c9ae-78e0-58f8-ac4a-104f8a536b27",
      "id": "GHSA-c9cv-mq2m-ppp3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-c9cv-mq2m-ppp3 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6ff1d9e-0915-5a28-a054-9eead301d29a",
      "id": "GHSA-gv7w-rqvm-qjhr",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr does not affect version 4.0.3-tuxcare.2 of nuxt. not_affected \u2014 The target Nuxt repository uses esbuild as a Node.js dependency via npm/pnpm, not the vulnerable Deno module. The vulnerability (GHSA-gv7w-rqvm-qjhr) is specific to esbuild's Deno distribution (lib/deno/mod.ts) which downloads binaries at runtime without integrity verification. The Node.js distribution (lib/npm/node-install.ts) contains robust SHA-256 integrity checks and is not affected. This ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:faec9b3e-fa3d-5e13-b44b-231400fbcfdd",
      "id": "GHSA-m3q2-p4fw-w38m",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-m3q2-p4fw-w38m affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e95d62ea-c010-51e9-b55a-5c6ff0324693",
      "id": "GHSA-q5pr-72pq-83v3",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-q5pr-72pq-83v3 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ad444605-dc99-55f1-aa59-f77e199173fe",
      "id": "GHSA-rq7w-g337-39qq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-rq7w-g337-39qq affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8601de87-2095-584f-92f9-cea28eaea117",
      "id": "GHSA-w5hq-g745-h8pq",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-w5hq-g745-h8pq affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:30ca176c-2587-5bc2-90d4-0fc3af77f523",
      "id": "GHSA-wr4h-v87w-p3r7",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-wr4h-v87w-p3r7 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5f34a8cf-b034-599c-886c-2d0bac78307d",
      "id": "GHSA-x7mm-9vvv-64w8",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability GHSA-x7mm-9vvv-64w8 affects version 4.0.3-tuxcare.2 of nuxt."
      },
      "affects": [
        {
          "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/nuxt@4.0.3-tuxcare.2"
    }
  ]
}