{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:914afa41-484b-5ff4-acd0-ac614d302e2a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-parent", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:da4f4f1d-38ae-5866-aac0-19f5f16860d3", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e57a753a-6374-5516-beb0-427cb14fcc70", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95f96d90-e5bb-563d-83db-b6c7ef5bf61a", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6293305b-aa67-504d-888c-960f65d3b3e6", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ee0937a-632b-5912-8360-65db414193a7", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e04d03c-0a48-5a5d-b5d0-c4d1028de4af", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26d667e5-0cec-5913-93d3-ebfd06df43eb", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02b6d1c9-8b6a-5550-93fb-0e283f4f36fe", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1e87d8f-a54f-5fd1-ae47-c917f477e006", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b678edcd-e51c-5def-9303-da7f5aa76789", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a32457d-e701-50d5-8def-81cb732d8024", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92d9461a-7b94-51f3-a59a-09432ca8b5ce", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.3" } ] }