{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c9b98463-0219-5b56-8d88-1b2bb40707ab", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-resource-server", "version": "6.3.10-tuxcare.1", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:089fd078-f22f-5c42-9a5e-37803eb7538b", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:418d6748-470f-5992-af5c-5be17f99cb9c", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3fc4224-6b7a-5742-81e2-c5559a5f3350", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8c0fb31-b4c3-5c87-8727-8eac396d06c1", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:347d2d68-4ec6-5a30-aaf3-c90f0d748451", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae0dfe36-4ab1-5a84-aaa8-549cf3bab8c4", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.1 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.1" } ] }