{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:517a80dd-8e8f-502b-ac5b-8fba7d39905f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter", "version": "2.6.15-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9ce5c41c-ffdc-5e13-afbc-ad7b9c8da0d6", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bac3865-6620-5f55-a0f0-42965e9afbf7", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e449739a-7a09-5879-a2b2-7826341352cc", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8a233b1-ef77-57d3-9946-5a7b156d1233", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ef5db87-602b-5699-b5bf-1c38425ba44a", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:469d6b11-98fc-5f72-a310-25a7b7bc4f14", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d0413a6-660d-5fa6-9da9-7a385808fbb3", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5d55817-9fc9-55eb-bb34-9c6f079ad6d4", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96c19d67-77ac-5211-b54b-5d16d5ef9362", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.3 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.3" } ] }