{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:231b0a13-2865-5ad3-9045-0b1d865c794b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-actuator", "version": "2.7.18.tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:77e56859-f753-54f8-b200-3c37ebe95344", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e90f3e62-d79f-5527-a302-3cbccde38428", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d998f6c-9cd2-5ea9-a72e-6d206e807174", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adc708d5-3063-5990-bb75-1b1e35170dc3", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4f1d61b-1645-5186-ab67-b4d704033ce5", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:652791a4-3448-5848-9d86-fa7e3e9af4c7", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:271c4b22-e24a-5034-98c0-ff7a1b94a353", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f82b96c-8f17-5a6d-9aa0-4cd953960da4", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1892b5d2-1cd9-51a6-839f-e0c7d74508aa", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.2 of org.springframework.boot:spring-boot-starter-actuator." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-actuator@2.7.18.tuxcare.2" } ] }