{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:02104782-a5be-5bc2-a3fd-96b668f5d9fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-devtools", "version": "2.3.6.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:625a64ad-a359-58fd-94d9-3d111c08b8c7", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:697a3bb6-ff87-5828-85a4-093519b28e7d", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b06b7c3-0861-5114-9e1b-668b5f969f38", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64bcd58f-13e8-53f1-a631-888afe437e53", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-devtools 2.3.6.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92bedbab-8f1d-5b43-84f7-62e749496c28", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f62df11f-2756-5da2-bf98-985d86142fab", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68870af7-f7d1-5c2d-be63-ffa45ca8ec69", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63d3d0b6-bd5d-571c-9783-36142a24f92c", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a59b2dad-e202-538f-a70b-c2fcc837c4cc", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a1c3534-15df-5773-b47e-291bd1ad6043", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d0451ea-01f9-5766-8611-b09462e4c8a3", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd685545-4a12-580a-86af-87d9ea66a8e8", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.3.6.RELEASE-tuxcare.3 of org.springframework.boot:spring-boot-devtools." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-devtools@2.3.6.RELEASE-tuxcare.3" } ] }