{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:342a5c0c-c982-59c2-b02d-a05a4e4e03e5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-devtools", "version": "2.7.16-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8655e977-029a-559d-8cea-db89e136970e", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:811036fa-4e2e-584e-bc5c-eeb0adf8b24c", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3f73278-692d-5521-a6c4-861c33e31835", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4ee9d95-f9b8-56f5-8e27-b6ca36da46fa", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7600ee33-89bd-50ef-9e03-8477be5a7f84", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:242a391f-d49e-5a9d-8c33-2491a797f1bf", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a203a64-6307-553d-95f9-df9deab54180", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5776839-5efd-5c07-93ed-a51954658f28", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8729633-e851-5340-83a1-a8616eaa478d", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:614bf8a4-7eae-5932-84a6-c174843c141c", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b0f71be8-492b-5951-8db7-27979c98e619", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95899a1c-4ad4-51e3-b94f-96126d4602d3", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.7.16-tuxcare.4" } ] }