{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a2fb6624-0e30-59aa-975a-f56ee70ff4f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5", "type": "library", "group": "org.springframework.security", "name": "spring-security-data", "version": "5.8.16-tuxcare.5", "purl": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:48ea3071-4297-565e-b24a-669791deced7", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6e39283-6965-56d4-8a11-446cdb9f90c7", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:853279c7-8228-520b-8781-50365939823e", "id": "CVE-2020-5408", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-5408 does not affect version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data. Version 5.8.16 is not vulnerable to CVE-2020-5408. No backport is needed. The fix was included in Spring Security 5.3.2, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61afe195-55f9-56a3-9368-6712a09e359a", "id": "CVE-2023-34035", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-34035 is a false positive for org.springframework.security:spring-security-data 5.8.16-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b948973-88ae-5693-92cb-3a21779276c1", "id": "CVE-2023-34042", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-34042 does not affect version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data. Version 5.8.16 is not vulnerable to CVE-2023-34042. No backport is needed. The fix was included in Spring Security 5.8.7, and version 5.8.16 already incorporates it." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21ddc02a-bb57-5989-92cb-ce5f9f5bab9d", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6df2275b-ecb3-5e2d-b2c3-8e9ca9b8e153", "id": "CVE-2025-22234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22234 is fixed in version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73a6c247-4d60-5bbd-93d6-c0c76f727909", "id": "CVE-2025-41248", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41248 is a false positive for org.springframework.security:spring-security-data 5.8.16-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c31bcb0-86c7-5b16-9fdc-7c22e743b774", "id": "CVE-2026-22732", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22732 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:114b9df2-d913-59d6-84e5-8f2fae4401cb", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62fc8ec4-c1f3-54de-a9eb-49d0559fc2b9", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24f4ed9b-01b7-560f-b727-f5a96fa173e0", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:86143b79-e370-5e5b-9612-61452f81d166", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:991d0bf2-b65d-596f-b8e4-45be4a2f7d80", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.8.16-tuxcare.5 of org.springframework.security:spring-security-data." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-data@5.8.16-tuxcare.5" } ] }