{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:089a30a9-fbb5-5e74-8596-64042eb8a33d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-loader", "version": "2.4.6-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:80b254db-6be3-53fa-8fd3-dc0bcc071968", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2038edc3-ffa4-5d8e-bd99-e3084c1908b8", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4af7e86d-8209-5ed8-b82e-769515dbe589", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:086c66e7-ac87-5612-940a-af3c2c5c7515", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf590ecd-5cb5-5f17-90fa-45c71ccc6a4e", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6b5fb16-825f-570f-a168-7a54552ccafe", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:839b934b-e87a-58dd-ba50-3e6d7a14c33c", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:efcb220f-678f-553d-a9ba-d6950142c646", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9352d75-9829-5684-bb3c-aae9c3119a6c", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33460c4e-91d0-522a-8813-2eaa416aa5b0", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ebb2f86-1619-5b83-8acb-ee8d9bf53124", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d0e3185-7476-5621-a7ba-bd0c2f853cad", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c90fd33e-b814-535f-be2f-fa458ddf9970", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5870e1b6-164a-5f30-9dcf-be5286020f35", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:89e30312-fb4b-5139-bad3-4585da10e9b8", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.4 of org.springframework.boot:spring-boot-loader." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-loader@2.4.6-tuxcare.4" } ] }