{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc0f7da9-060a-5cb5-8cd4-aa10a417e26e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-parent", "version": "2.7.16-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1c0824c-1cec-5f55-be64-2101973d0da6", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef4c75f9-8ecd-5e27-bd26-8b02bc680cbd", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c3d870d-bda7-5af4-8367-929e01a9cb60", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2dc82941-ec2f-5989-8c05-71a6c07f2222", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e27ddec-54f6-5ca8-a446-8b35ed1c9ade", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97515b78-ba90-5653-b562-959e3818da22", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d44716d-b1e9-5844-bc43-546463075db2", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61cd1fd3-d6c8-5393-8f69-7acc14417aee", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b7f48887-7a32-5440-bd86-549995b8a135", "id": "CVE-2026-40975", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40975 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f412cf3-3948-5c27-bbff-bfeae28fb1b5", "id": "CVE-2026-40977", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40977 is fixed in version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eec7c72f-b874-52f5-ad8c-b10db134fd50", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a482d1b4-8a37-5bfe-9591-bafe2dd63f2c", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.4 of org.springframework.boot:spring-boot-starter-parent." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@2.7.16-tuxcare.4" } ] }