{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:b22f3175-d7fb-5993-9bee-4a84c518a918",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-oauth2-resource-server",
      "version": "2.4.6-tuxcare.3",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:89233a29-2325-5d00-8a29-c8f6cb020c5b",
      "id": "CVE-2022-22965",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2022-22965 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:351790a3-db7f-5484-b39a-2e415bf1a39a",
      "id": "CVE-2023-20873",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e793a2f-937c-5538-a7f3-18b633add840",
      "id": "CVE-2023-20883",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0b107d8-0f64-5afd-be16-18b037960186",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:958a5d5c-2bd4-5b70-a56d-978b07095fb2",
      "id": "CVE-2023-38286",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-38286 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cac3c7b6-8289-5836-8b18-645d6002399f",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38807 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4b9c7dc0-01cc-5ab5-b5cb-47ab591aec0d",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aef60888-a10c-578c-aa7a-f9960bae8550",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22733 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e8699c8-61f2-51a4-9138-8b6908127035",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40972 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ad60fec3-a54c-5bf3-9ea8-f5f3e2a2bb4f",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eed2c0aa-9d2d-5de3-8bac-d534cd47609b",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34a8b647-bbb0-5d69-bdc7-ef1394e4a308",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40975 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c77c4e97-e053-51f4-86bf-97f70a05a05e",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40977 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6ffe6ff2-e5dc-5693-91eb-9b7504354bf5",
      "id": "CVE-2026-40992",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40992 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d8d28c0d-53b5-5f9d-b1d9-d5d3c01b3720",
      "id": "CVE-2026-41001",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41001 affects version 2.4.6-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.4.6-tuxcare.3"
    }
  ]
}