{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c9019fa8-424a-5880-bdc4-adfdf70fde79", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "org.springframework.boot.gradle.plugin", "version": "2.7.16-tuxcare.5", "purl": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c70f7eeb-65f7-5637-b302-51d0b30faaa4", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51c58fe6-a120-5235-9df0-e470f70f1bb2", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:05ba77b5-f44e-5b59-b716-918737092e2e", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e459010-b25a-574b-815f-1f8d26b0a5c8", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7007fe37-dfb1-5058-be69-493c11302290", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a2ef0ede-8af3-5308-9219-3cd8852ca036", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:df7fcbd2-d6bf-515f-bf37-82e2b5491e1e", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12532e4d-5ba8-57d0-bf83-09d566e010f7", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77d84512-308a-586d-880a-0831207789dd", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eb7ccd7f-e33d-5888-8e40-b8009858f399", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:194e8a7b-00b6-57fd-a2be-4e3bc852a86e", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dbb46956-aeb7-5f0d-bed2-f82675e483f5", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.5 of org.springframework.boot:org.springframework.boot.gradle.plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/org.springframework.boot.gradle.plugin@2.7.16-tuxcare.5" } ] }