{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cb0849c9-a644-572b-9f26-8fe1c4cb1d2d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-data", "version": "5.8.16.tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4e10dad9-cb29-5604-b89d-9af710e414ac", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d2247ff-489f-5c93-b511-c911543fa97d", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89beb7d4-b8a4-5a3f-83a7-5ae62d4dd761", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9dd6ebe4-1482-5ec6-83fd-b9ba141e0983", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-data 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cda2bfa0-c007-51d5-8b04-f08142d17e45", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af427c7d-8682-5499-b46b-8ef4e4f04c31", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8abdae2a-f13a-5acd-9a54-6fefa69841b3", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37219272-d916-5f6f-bb8e-b5601b60a8ce", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-data 5.8.16.tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41f2409e-2e61-573a-b751-dddd1997b4f8", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f6461b5-8106-54aa-be69-1c127ba48f62", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61202637-f73e-580a-85e2-94af67bc896d", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d48c6d3-b810-57ca-a28f-d42d5992907b", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cd74e05-94e1-5a95-a4d7-9e249fd28b49", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83a4660e-b2d2-5929-ae76-a3b81b71beb6", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16.tuxcare.3 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16.tuxcare.3" } ] }