{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a52a82ab-434d-5b2b-8b22-f4e327412e94", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:107b4ee0-e3cc-582b-af25-6aeb26c95a2d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:579c96c5-29b8-5283-9d74-bded7966410b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c1f70a5-d168-5327-a20d-68bc582d6e38", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71b01191-31d6-57c9-9ae0-991a316dfe42", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1752bae2-4bea-5536-95e4-7fe55cbdb1cd", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69d1d40d-f262-5876-9e71-b71bfc3721f0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae8811f6-8614-5a10-831e-106aa7e72cd8", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9724028-3a13-57c0-b8dd-a922e88fd79c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:448c6932-c933-5e5b-8dde-afe03b74e361", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.4" } ] }