{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:e88257e0-4f18-5754-834c-100f180fa0e6",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3",
      "type": "library",
      "group": "org.springframework.boot",
      "name": "spring-boot",
      "version": "2.3.6.RELEASE-tuxcare.3",
      "purl": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:8314ff82-06ae-5847-94f9-f5b5db4012f3",
      "id": "CVE-2023-20873",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6ff0773a-16d2-5a56-81ca-6d7b4110a3ba",
      "id": "CVE-2023-20883",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6194802e-4056-5d17-9f73-42b7a5d0acdd",
      "id": "CVE-2023-34055",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:27d3f823-8334-5798-9c2c-25cb1e80802f",
      "id": "CVE-2023-38286",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot 2.3.6.RELEASE-tuxcare.3."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:639d7776-e07b-5210-b264-4298404dff0e",
      "id": "CVE-2024-38807",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9e48ef70-0b68-5c8b-8f58-9c95527ce1f5",
      "id": "CVE-2025-22235",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:756f8e47-8594-5b78-b53d-552df8d2ad5e",
      "id": "CVE-2026-22733",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:99509292-9ecc-547c-a0b2-7139848670a9",
      "id": "CVE-2026-40972",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:adc89186-585c-5378-b7e3-18db38d7b499",
      "id": "CVE-2026-40973",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0482d81a-c8b0-5890-aba3-c8db536db4cc",
      "id": "CVE-2026-40974",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:11968020-d994-5166-bb42-e78cb46966dc",
      "id": "CVE-2026-40975",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5b0f9ec1-95f1-52f3-b4bb-0ebbc498c339",
      "id": "CVE-2026-40977",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework.boot/spring-boot@2.3.6.RELEASE-tuxcare.3"
    }
  ]
}