{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c93dee1e-5aed-55d6-91c7-dfbb4a7728c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-jpa", "version": "2.7.16-tuxcare.5", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:512ad733-0a4f-54c0-a8ca-a451099bc128", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dd394fa6-6154-54f5-8b1e-035b98b12201", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c480271-50f5-5d9a-9b81-4eca872411f6", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9eb67522-e56a-5ee4-beeb-3dfe904c80c1", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:85d2e474-cd50-564e-b047-0bebacdf1ecf", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:832a459e-2045-5a9c-8373-024db3db1d9e", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92e75990-2b9c-5adf-867a-38804baa1f8e", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f327a8a-9f13-5526-9453-e94e7a20f0e4", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1127c1c5-57a9-588b-86c0-5ca971def560", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6923cd51-0aae-52e4-9929-177259cdb7fa", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39d59940-676c-589f-8d00-4dd8b1775c7e", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:739e4229-6ee4-56b5-8fdf-dca287cb8bf6", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.5 of org.springframework.boot:spring-boot-starter-data-jpa." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-jpa@2.7.16-tuxcare.5" } ] }