{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:19f03206-7852-5c07-bf74-1452735472d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-security", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:77d0b5dd-1bcb-59c5-a520-2f2f1e2ece24", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a498405-16a5-5cfe-b1cc-832399487985", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2db80dc3-9708-58e2-bd60-8d1659d09c69", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74b667da-8573-51f5-9f35-13c9b978feaf", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:717959a8-0aa2-5ef9-8630-597f089f5a30", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c246bcb9-9bee-5b1d-b2d5-b36cbfa22bb4", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce2e134a-09c5-5916-90c3-8a7b2f05c760", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad7792c5-9cc6-562c-a407-593e0b70e23b", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:261c8955-7b91-59f1-8f83-daed96e1d05c", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74ddbb74-3137-5452-826e-9fd14e814c3b", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31b78419-d774-5021-9b88-94524757c18f", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28b3a20f-6d6d-5ab2-8ed3-248101a0c852", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-security." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.16-tuxcare.3" } ] }