{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a32f99a-2ea2-5021-805d-ad691e2e32b0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-oauth2-resource-server", "version": "2.6.15-tuxcare.12", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b8f806d4-38b5-50bc-a61f-72af91b952c6", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:14741e48-0453-537b-94f9-4458ae5a1585", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:29efd0ed-65c2-564b-92f7-b92a19710f30", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:cb7db7ec-9375-5db2-8386-bbe505cff8f1", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:fc6c52e3-b2d9-547f-a8cd-287899f8d6b5", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:74b73bd1-f95a-5561-a263-e642ac5400ee", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:3e3f25c2-17e8-5aa5-b32d-9b0cd37ea4f9", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:54c2a890-5012-51b4-bcbc-8ef37aab36b2", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6d406e7d-31de-599e-80fc-b1690407adca", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:21e910c6-ad20-556b-b8d2-27a430982f05", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:66a58469-97db-54a8-9c19-ede1e8d7f8f7", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.6.15-tuxcare.12 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.6.15-tuxcare.12" } ] }