{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:581354a2-ff24-533e-8f04-2b31a0ebce9f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare", "type": "library", "group": "org.springframework.security", "name": "spring-security-openid", "version": "5.8.16.tuxcare", "purl": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:132186ea-a118-51fc-a9db-5c0f9d081efa", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:011545a6-e099-5fdd-863f-95cb15108761", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:d5c10e4b-ddd2-565f-87a4-c350d56a4fca", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16.tuxcare of org.springframework.security:spring-security-openid. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:48775e55-e165-5bef-a6de-4144b7cc6b5f", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-openid 5.8.16.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:889b6c2b-5887-58de-9fff-ab2b807d5e34", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16.tuxcare of org.springframework.security:spring-security-openid. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:bc808055-5e0e-5dc9-b08c-23f5aa33659f", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:d6aac929-6f93-50d2-88b5-f48027c907e1", "id": "CVE-2025-22234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22234 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:00f13303-3c0e-56f4-88fe-eab524413562", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-openid 5.8.16.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:19f2b062-77a6-5d18-a603-5539f5e046df", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:2cec085c-9eab-5f49-a2e8-1c708214cd47", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:3450a76c-e76c-5c2a-b513-05559ed13df5", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:1618fea1-9720-5ab6-bb78-e1eed42fa29c", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:f836e5d5-1592-544b-a26e-ebb45715ac92", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }, { "bom-ref": "urn:uuid:1924cd54-61fd-50dc-94b7-9cc4169d6936", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16.tuxcare of org.springframework.security:spring-security-openid." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-openid@5.8.16.tuxcare" } ] }