{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:082184ab-4855-587c-a797-bb7c291db95d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:composer/guzzlehttp/guzzle@6.0.2", "type": "library", "group": "guzzlehttp", "name": "guzzle", "version": "6.0.2", "purl": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6606e580-4435-5320-b621-7ce0e3511e47", "id": "CVE-2022-24775", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-24775 does not affect version 6.0.2 of guzzlehttp/guzzle. not_affected \u2014 The target repository guzzlehttp/guzzle v6.0.2 is not affected by CVE-2022-24775. This CVE targets guzzlehttp/psr7 (a separate PSR-7 HTTP message library), and the vulnerable code does not exist in the guzzle repository. Guzzle declares psr7 as an external dependency but does not vendor or bundle its source code. The repository contains only client code that calls psr7's API methods (withHeader..." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:1d6dfdfa-9227-5932-b610-4b55e19ff29a", "id": "CVE-2022-29248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-29248 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:fef68515-ada7-5e7b-9222-d13c775d6c79", "id": "CVE-2022-31042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-31042 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:7eefa9dc-1d15-5e03-a466-d1ef69a8baa0", "id": "CVE-2022-31043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-31043 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:fa03da55-f3a6-5f2a-bf71-d68853d58f50", "id": "CVE-2022-31090", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-31090 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:7d60fa5f-3acd-5453-a38d-6466872dacf8", "id": "CVE-2022-31091", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-31091 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:83a50439-ad27-5fc6-8c58-2e19beba8f0c", "id": "CVE-2023-29197", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-29197 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:0da8aa48-f526-5325-be47-e531afb1259a", "id": "CVE-2026-55568", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-55568 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }, { "bom-ref": "urn:uuid:72efae06-2cd5-5c3d-b64b-1482a1db58be", "id": "CVE-2026-55767", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-55767 affects version 6.0.2 of guzzlehttp/guzzle." }, "affects": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] } ], "dependencies": [ { "ref": "pkg:composer/guzzlehttp/guzzle@6.0.2" } ] }