{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9404cad7-ef82-5f98-90fd-ddcd68b2cc1c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-neo4j", "version": "2.3.6.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fec2c74d-ad38-5c80-b7d2-5456b04a1e49", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e744c5c-3af4-50e1-84e4-7767984a8a69", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d90a4a25-4951-5b4b-9c87-1770892d43a6", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c44c282-d87b-541a-9dd0-828174557d5f", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-data-neo4j 2.3.6.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03767240-a245-578d-9aa3-00b5cdf1dc98", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3b3c64a-580c-5263-ae9b-3482fe896552", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcabbab7-a124-54fc-ba9a-002f6b5ef6f9", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5074c189-fe77-5b4a-88ec-46bc77bcc46b", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f614ea85-c7d8-5c5d-8f91-8a1108ee9e7b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:852ccd82-2f05-5c10-86a6-b70e034256eb", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b53a75a0-a21f-519a-b532-f0a134a86c90", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c5b3014-e024-59a3-94d8-f0b56d752cd3", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }