{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94d016e0-e1f1-5a0b-997c-41bbc599a88e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-cli", "version": "3.3.13-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d42c4f0c-c095-573c-b305-3e3fc3032fa4", "id": "CVE-2025-22235", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-22235 does not affect version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli. This CVE was fixed in version 3.3.11 (https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-9804539, https://github.com/advisories/GHSA-rc42-6c7j-7h5r) so version 3.3.13 is not affected" }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89abec85-31d9-566a-836e-df786966a798", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e53b75a-f16c-5f64-9e7c-c33b161e2965", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d33fae30-1562-55da-92fe-9f399bca84ec", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9594de18-e243-5eaa-a108-e3f2bfe01a3e", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ced05a7-a2c5-5383-ab47-190be7fcd7bd", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f398815-3652-595a-961f-8e16e36b4461", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02935b74-3f90-53b3-9e11-ac0fa37ff6be", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c61b7f93-d7ed-58b3-a51a-4bff9c52562a", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 3.3.13-tuxcare.3 of org.springframework.boot:spring-boot-cli." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-cli@3.3.13-tuxcare.3" } ] }