{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:24ca6c7d-599d-565b-b099-5a6f31024c04", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-jose", "version": "5.6.10-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:79ace6ae-78fd-542d-a433-57ded178c1a6", "id": "CVE-2007-1651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1651 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2c8ca88-91a8-562e-b47f-a2591c939693", "id": "CVE-2007-1652", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2007-1652 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19edbc0a-f5a9-5f00-89cd-2c40d3406b7d", "id": "CVE-2020-5408", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5408 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7cfb8abe-f295-5f08-b36f-82d2931d9a3f", "id": "CVE-2023-34034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34034 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9ef3890-f46f-5cef-8820-150fedb2e97d", "id": "CVE-2023-34042", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34042 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b53f5a76-5c6d-51cb-aa43-50318f3c9050", "id": "CVE-2024-22257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22257 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d3bcbc9-b6f0-5b30-b607-bad922e8fac5", "id": "CVE-2024-38821", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38821 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97d34a8c-ca05-579c-9948-988862b77c2f", "id": "CVE-2024-38827", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38827 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96632eb4-401c-53f8-b11f-9e4d229647b9", "id": "CVE-2025-22228", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22228 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91a448f1-69ef-576c-8f84-56f90661ee49", "id": "CVE-2025-41248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41248 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f8f8967-9539-5003-b0c1-f67d72ca2aad", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d92910da-5e65-515b-9588-1a7458bde579", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b4c6b43-8889-57b0-bc1e-92c77e427a53", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9189db38-9710-5c34-b06a-7152246d8a36", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13294961-4473-5a74-a766-69933363deea", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35604e9d-b72e-5412-8620-e0752a12003c", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 5.6.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-jose." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-jose@5.6.10-tuxcare.3" } ] }