{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c5eff587-b646-5bea-b10b-9a1f84c9000b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter", "version": "2.6.15-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b5e94f84-da58-55d0-a894-1d4f732232e7", "id": "CVE-2023-34055", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34055 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a46714e6-dcd3-5df2-a1f8-3c476138b99d", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99f0104b-6778-5ff7-bd8b-ba9690aff531", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0a7d90b-15ea-5381-9c32-70854086aa91", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce5b973-0af8-517f-ae4b-220f527ce305", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d54e5898-8fd7-50b1-b69e-10d1fe60cc66", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2398dda4-64b8-592b-b6ae-d7e16d620f27", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bee4028-6e48-5ab1-9ba8-99f41cddfa41", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09a08359-3fd1-570b-9e24-f9174374c40e", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.6.15-tuxcare.2 of org.springframework.boot:spring-boot-starter." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter@2.6.15-tuxcare.2" } ] }