{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:792e1a14-e81a-508f-95f1-04395a40e4d6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-dependencies", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:38db593d-189a-5a0f-af84-5b0bca73e54d", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67c5d398-5189-5ff8-b2ec-9f15e4b5bf64", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:135a4914-bda6-5f92-ae60-155876573317", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5af114c3-6cff-5fa0-9c7f-bb3d32fe601f", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fe9295f-3c6a-5de4-8f55-9b1ac32ea693", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01907e51-e95f-5498-8834-e0a8ce58234b", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed573e77-ad33-5511-b903-32e63edd6f23", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:234549ff-41c0-5ad6-a3c9-df4d7b96b4ba", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16103461-5103-5b57-9653-579cb4ddc7ae", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdf851f9-d8bf-5cd3-9254-785b18223fd7", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2190f7a-8048-557f-bac8-54196677d95e", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18365423-3c65-531e-8b74-f4a22de742a3", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.7.16-tuxcare.3" } ] }