{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b70e0bd9-37b3-5d6f-875c-f8f2f70ffcdd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-maven-plugin", "version": "2.7.18.tuxcare", "purl": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:404aed89-f03a-5c03-927b-e37b3d05984c", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:89a9d23d-3893-5bc1-8a4a-690c0ac1531c", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:7aa6d469-203e-52c7-a07a-41f872723c86", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:fa5f3f2d-61e6-5c37-b04f-ba4b9d5a3e01", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:650f4d5e-003b-58fc-94a6-e880e6f74885", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:cdca8188-e7cd-533a-a532-9c37aa32b650", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:dd00ea1d-afa9-5889-9cc0-fab03ef2a3cb", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:f7c5ec56-4e2b-52e2-a04d-1d3beb1d0ba6", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }, { "bom-ref": "urn:uuid:a90c5bdb-a4b3-505f-9be9-e2c369c3f2cc", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare of org.springframework.boot:spring-boot-maven-plugin." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-maven-plugin@2.7.18.tuxcare" } ] }