{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d464806e-4184-5913-8814-cbe4fb1ff8e1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-elasticsearch", "version": "3.3.13-tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0e1a56c8-d1a3-52ab-a720-a9acd1c4aea1", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cc8df83-320b-57eb-b80d-84ee853b6c54", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:738eed05-c8ad-50b2-99e2-e87e75547a2b", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03cfcf35-ff45-5b0f-948e-8fa3199fd150", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a6c480e-e64a-5198-9ab6-3deaca1a9cb5", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9009a8b-d224-5f4b-b5e6-88c48b8b9161", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c9d3be5-cbb0-51aa-847a-5927d71b5854", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-data-elasticsearch." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-elasticsearch@3.3.13-tuxcare.1" } ] }