{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1d5a392f-1b0c-5cfe-b248-c0bf0ecea1d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-core", "version": "5.6.10-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d11e590e-3b4e-50c9-b7d6-e8422fa3b7b7", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b579459-ee3a-51a2-8cfa-7301d4c9c0c6", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4574605-8534-5a80-8140-031a8cfdafa2", "id": "CVE-2020-5408", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5408 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cb28571-f3be-5d7d-b61e-ba01456049b3", "id": "CVE-2023-34034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34034 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:875a1206-07fc-54a1-873b-dadc0ce2411e", "id": "CVE-2023-34042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34042 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1ac7d2f-e9d9-5987-9a46-7f0c229eb16c", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed40e556-13f4-59d2-b18e-cf3c64b29d6f", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a997c006-68f6-5b62-b581-05f9f18d1b19", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d254fade-22df-5db6-8404-d8e4a665d59e", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:317ca2c5-4d83-5932-9902-f5721647f690", "id": "CVE-2025-41248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41248 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b61bb8b-30f6-58c9-b3f9-197c2a80df0c", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02bda7a0-1b8c-5d5e-ad63-0884d3d382b6", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02f2eb29-487e-519f-9478-331747ea361b", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70d687a2-7260-5eaa-bc78-bff3938c7725", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abd908ee-0af7-5c52-91b7-a68437284cbc", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ded1d346-694c-562e-8607-de356a50b6d0", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-core." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-core@5.6.10-tuxcare.3" } ] }