{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c963889c-ca0f-50ea-9344-5e1591e4b70a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-oauth2-resource-server", "version": "3.3.13-tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b9da8448-8abe-54c7-9eaf-31c313ea216c", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f29194f-085c-5794-8059-11ba3993b1fc", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1893dd36-e7d3-5de1-8997-555db161ba77", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd1d9d74-6f98-5940-b473-5311fefefff0", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bcc186b-b505-5cba-823b-af796743d72d", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12518b86-577b-54cb-b4c3-9e1328503503", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9faa06f-6345-5908-83c4-a0cbca1ef67e", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 3.3.13-tuxcare.1 of org.springframework.boot:spring-boot-starter-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-oauth2-resource-server@3.3.13-tuxcare.1" } ] }