{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:68983941-a776-56f1-b305-68bb9f2f99c0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "org.springframework.boot.gradle.plugin", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6d37e408-653f-5afe-8bd0-d0ec0480db59", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:907bc7ee-5d2a-5150-a1c5-117986907703", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18e7f7de-b607-5e6e-98a7-3b7eb69d1931", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0cf01985-962c-5df7-a827-b8496854abb7", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d8baf0c-a477-5924-9e02-ffa7fbc1f374", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3f242b1-bbc0-52bf-b2d7-bc8a5d9e87a1", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d74c4237-13be-50ac-83fe-b7668c16bd4a", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6266d17-f141-582d-9a94-c84731502e7b", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:376d2f23-0446-57cf-88c2-1f0eb955c1a9", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4676ed3-9645-50c4-9258-3e927d14f34c", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:deae5f98-7175-5aca-9b0d-c41dfa647786", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a9c562c-5f5d-59cd-87f6-6cb91abfed29", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.3" } ] }