{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:11e748d6-ba03-599a-8084-ea575b0169c3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-maven-plugin", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9d2f4a2e-4e68-58ed-8a43-c50c9207ce5f", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a618f85-b9b3-5200-88db-faa8705a972f", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1657480-3264-569d-be7e-5aa98128d2fd", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ec8fbca-2031-57de-a42d-3ee07c8fc27d", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc9af155-9afa-5b35-ab6d-a04ec0a6500b", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:978043bd-d43e-5acb-b150-07056e21fda4", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e3247d7-0c75-5dbf-857e-b12243c0e3a8", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc6dd3b8-7aa2-52ad-a5b7-62610ee1e8fd", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bca2b5cd-eed3-5c14-afcf-a0ad5154300e", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d0588e6-b8ec-5eb0-93f4-43e145f0e649", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c195d70a-d5b8-56ba-9867-f85dbb1f4d78", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22e2cc0d-676a-585b-a36b-e25b61d8fc13", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.16-tuxcare.3" } ] }