{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fd99f339-2c8f-5972-b58d-ae5c5b126264", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-buildpack-platform", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bc9cf3b4-a72e-5766-83fd-377c7fa48a8b", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c501808f-1556-592f-b968-45ce98e86abb", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60589f64-a571-5a7c-a5d8-3a4728993f35", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee782753-e5ed-59de-9f50-e1bce8b59a51", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4864b79-4aa6-50ec-9068-d4cea824a89f", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:789f7414-57dd-57b2-8ac8-8f1955c94c51", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7098470-61c7-542e-973f-dbeeead5f493", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8cb81a7-10b8-5791-8026-443e6dc1e046", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95b308df-2020-5520-b989-4b4212831e29", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:430995a8-a309-514f-a511-cbd064c32d67", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c71753e-51df-5363-a3c2-320ad6590cf1", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb8ea3ee-cc34-5ec6-aa66-e01945b8c992", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-buildpack-platform." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-buildpack-platform@2.7.16-tuxcare.3" } ] }