{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7af6f823-4f6a-547e-9d17-fadb88a7028a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-oauth2-resource-server", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:852306f3-a061-5084-87e4-a1a84be94d17", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0e7f736-67f0-5f05-baa8-1feb4a27ae3c", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48b5780e-a0fe-52d3-a206-d6b0bd864d9b", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9c5fd93-95af-5cb0-92fc-65843678039b", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cf8ecb5-06a8-5409-993b-eafd6ae4cf42", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ad810c4-47e4-5c14-a694-ef1d0ae366cd", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44e660ce-8a22-5ada-a4ea-7061ef6812f9", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da768663-d8e8-5a8d-86ff-110b9f4327b1", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ff3a660-1dd0-5f97-8680-dd2401c92af3", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec459860-45ab-54a7-8536-bd0c85b97596", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:392f8328-5ffd-50f7-8472-7d8eb2451762", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42ae2570-ee81-5b74-96c2-583c4c509ecc", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@2.7.16-tuxcare.3" } ] }