{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0171c12a-393e-5b2e-a7cf-f2542ca4abbe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/vite@5.4.14-tuxcare.2", "type": "library", "name": "vite", "version": "5.4.14-tuxcare.2", "purl": "pkg:npm/vite@5.4.14-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3170c95f-43d1-5f72-8089-e4c3a664babc", "id": "CVE-2025-24010", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24010 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d076385-154b-5c94-b5ef-2552ee0e2119", "id": "CVE-2025-30208", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-30208 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0786e2c6-b0ba-5009-b2c7-dd13365e8e07", "id": "CVE-2025-31125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31125 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b661ee3d-663e-5218-8a7a-8c85a81d6313", "id": "CVE-2025-31486", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31486 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddfaec76-32a6-5b63-b68d-cc8f172744c3", "id": "CVE-2025-32395", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-32395 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e24e3878-c58d-59a3-aa25-2127cd15a51d", "id": "CVE-2025-46565", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46565 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd30ae8f-0ccf-5a22-86e6-8eaf65191f86", "id": "CVE-2025-58751", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58751 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8fc74eb-ba5f-5223-8a7d-02f9ccc3051e", "id": "CVE-2025-58752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-58752 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f0a29ee-9924-5e81-a1fe-414487c48843", "id": "CVE-2025-62522", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-62522 is fixed in version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9d5b063-72bf-5fc0-ad82-898c3ed7232a", "id": "CVE-2026-39363", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39363 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07606028-e7ce-5f1e-9524-88de3a3f7e15", "id": "CVE-2026-39364", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39364 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f6bb005-62ba-5817-9e20-cb6b2c5bcec7", "id": "CVE-2026-39365", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-39365 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94a3bda3-d708-5baa-98cc-552643eadfe5", "id": "CVE-2026-53571", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-53571 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad958fd7-dc82-5e20-8ca2-93a91d8d6287", "id": "GHSA-4w7w-66w2-5vf9", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-4w7w-66w2-5vf9 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8180622-e883-5a94-be96-c2a1f8a57bab", "id": "GHSA-67mh-4wv8-2f99", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-67mh-4wv8-2f99 affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57f8edbb-e53e-5e10-a656-df02cf7a72bd", "id": "GHSA-gv7w-rqvm-qjhr", "analysis": { "state": "false_positive", "detail": "Vulnerability GHSA-gv7w-rqvm-qjhr is a false positive for vite 5.4.14-tuxcare.2. false_positive \u2014 GHSA-gv7w-rqvm-qjhr concerns esbuild's Deno module (lib/deno/mod.ts) which is not present in this Vite repository. Vite uses esbuild as an npm package dependency, which uses the secure Node.js distribution (lib/npm/node-install.ts) that includes SHA-256 integrity verification. This is a wrong-project match." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0474e2d-a0fe-5ec6-83f8-5a8c923b9ced", "id": "GHSA-v2wj-q39q-566r", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-v2wj-q39q-566r affects version 5.4.14-tuxcare.2 of vite." }, "affects": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/vite@5.4.14-tuxcare.2" } ] }