{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:e33f5653-6b47-5e65-aff0-d4540ac881e2",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-data-jpa",
      "version": "2.4.6-tuxcare.3",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:aebcbecb-fe81-5071-84ff-a2757c7fbbe0",
      "id": "CVE-2022-22965",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b745ebff-7a8b-569c-8bf7-1d34cdd01234",
      "id": "CVE-2023-20873",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a83e1865-5049-5914-8977-3436e2fd79f9",
      "id": "CVE-2023-20883",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a1c7542f-36dd-504c-9cfb-1793ca046f8e",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:38f64a94-da5f-5033-bc2c-36e9118af297",
      "id": "CVE-2023-38286",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1873941c-8fcb-5799-887c-af9e2dd09a32",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:07e95d0b-6857-5f36-8c4e-01f1753e54ae",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0d4a2f2e-2113-5bbe-b7e2-7c180e6fa403",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:905d0cc0-8e85-5d29-a112-7f6524082e3e",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40972 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:56e6ef75-037b-5023-b66e-b8bf9bd58c14",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:40daf880-b58a-5820-bd6f-e9eaf9560a7e",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa8f6c9e-1015-584e-a45a-bc7afb9fb3eb",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40975 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3aa25c9f-ae1b-5c75-b02a-3ed99ce88f6d",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40977 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bd45bce9-9583-5d70-8928-6327663abb76",
      "id": "CVE-2026-40992",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:596ce3e4-963c-56a5-ab68-63ac2e8fb9e4",
      "id": "CVE-2026-41001",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-data-jpa."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.4.6-tuxcare.3"
    }
  ]
}