{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d159ab5d-dc4f-52ac-8a2a-b0d262cfdcba", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-json", "version": "2.7.18.tuxcare.1", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:50fd202f-4821-5065-805a-1dfb45cc8350", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fb94acd-6e91-5a29-9e6c-e7416d2c96b7", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3bb0c3d-1e06-576b-a2f6-4a2d71af3e6d", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:511e96e8-9357-5867-a833-bcbb2893aeae", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32b62bb8-a95e-5532-a987-609439a547a8", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17985b07-1125-5cab-9d4b-fbdff014dc81", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7585b608-52a3-5305-a1dd-a47145d58e82", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b1ebef9-d005-5538-8319-756f00097908", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91723ab3-1d70-5cd7-9920-fca39a032ec2", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.1 of org.springframework.boot:spring-boot-starter-json." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-json@2.7.18.tuxcare.1" } ] }