{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f54d98f6-b318-54e3-9650-27692656890c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-dependencies", "version": "2.6.15-tuxcare.4", "purl": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92458121-b57a-5e67-a7ba-25a868c4d9ed", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4de67f98-0157-51dd-937a-9a2c40cc16b9", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d4fae6e-4781-5a81-a8cc-c7026149ea5f", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4cca2a0-8b9b-5a56-9e7c-5e696f480a04", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4636fec-14a6-526b-87e9-084093ea9f5a", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:43e0de20-6974-5374-9eb3-5f67192daf98", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0cce8bfc-2ac8-5697-926b-ea6c7760086f", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1477bff-4f04-55a7-8fbb-25a4eb7168d9", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fc5c0db-7920-5679-af8f-4bc6df815982", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.4 of org.springframework.boot:spring-boot-dependencies." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-dependencies@2.6.15-tuxcare.4" } ] }