{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fb8aa6a8-dfff-5c5d-a76b-d6d9623929c7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:98c08534-66e8-5390-9e54-1598945d3916", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c2cc5a1-5098-52d2-94ab-1c01c2ba16c0", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d0804fe-30b5-566e-bab1-ae1a9bfda722", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad92feed-e4bd-5801-9a48-507e19d9114b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02539c9b-a8e1-59d5-99e2-1361500d52ee", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfa91908-804e-57a9-99bc-c08442b5396b", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72587f11-05c0-5bde-8e37-2e49c24378ba", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c792225-2c31-58ba-a99e-cb9f1550987a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da36bb30-296d-5cd2-a87a-14a6fe61220b", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ea37bfc-d8d1-5d02-9844-215ccf2923d5", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.20-tuxcare.3" } ] }