{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:680920ff-bfba-5fc9-97be-5ae5efaa0d17", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-web", "version": "2.6.15-tuxcare.6", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:90d9e7fd-c0f4-53ae-806f-231d4302290e", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:db870685-ceba-5d20-8439-664fcdf53603", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:283744ec-7427-5779-815b-916d5a5bd9e0", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e922cd7c-4362-5ea0-9af4-ac1e00a4aa37", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6a7e6951-8c2c-5780-8da1-edea27a8a162", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2a54b034-4fec-597f-a505-ae291155ae5b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:151e6cac-c1e5-56ba-84ce-873eda824796", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:14882de2-3062-59ed-80af-43a67c0c3839", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d038835b-ddca-56aa-ab67-051b3585f9b6", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.6 of org.springframework.boot:spring-boot-starter-web." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.6.15-tuxcare.6" } ] }