{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:77bf8a7c-3f7a-57d1-9301-11aad30eba9a",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-parent",
      "version": "3.3.13-tuxcare.5",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:65771a4d-edf9-5141-b8bb-3d91ce17e5de",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2025-22235 does not affect version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent. This CVE was fixed in version 3.3.11 (https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKBOOT-9804539, https://github.com/advisories/GHSA-rc42-6c7j-7h5r) so version 3.3.13 is not affected"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aaca20fa-bb1a-53fc-9089-2fa7f1a3dd7c",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22733 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7c18fd17-190d-54da-9c7f-760a8c22e4a7",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40972 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:98510caf-93c0-52ab-9cdf-a9e7d56b3d44",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40973 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:808e11c9-2df0-5167-a4fe-9adfeb0881e0",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40974 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c58b7088-9eb5-53b5-8e80-b56d325832b9",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40975 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:445232b0-11b5-54d7-962a-371332fa2c30",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-40977 is fixed in version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ea6f59c3-6b39-5244-86e7-ff88b36e9494",
      "id": "CVE-2026-40992",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40992 affects version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:59596f2f-3cde-59a7-9d0b-a64252aa3613",
      "id": "CVE-2026-41001",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41001 affects version 3.3.13-tuxcare.5 of org.springframework.boot:spring-boot-starter-parent."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-parent@3.3.13-tuxcare.5"
    }
  ]
}