{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:4a935743-df27-53ec-b676-9437594f2369",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot-starter-data-mongodb-reactive",
      "version": "2.6.15-tuxcare.4",
      "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9d37e546-ab63-514a-b7d2-3f8f52ecd900",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d2f7d8ee-3e32-543a-8114-d9871f773adb",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ea4e5354-dab1-59e7-afa8-23c151926678",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:51ba30a8-47d9-525c-960d-9c60f1748d94",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4ca98808-3904-5154-9081-171758812d4b",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f8dc6200-fe2d-5ff3-89df-9b0f5cef607f",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:16c7d6e2-41cc-51d1-888a-d984c661ad5c",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:44437d54-b5df-5afe-8b2a-a215f49a2442",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6aea3837-b478-526e-865b-731a10daee60",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-starter-data-mongodb-reactive."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-mongodb-reactive@2.6.15-tuxcare.4"
    }
  ]
}