{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2422469b-66ef-565c-94b1-965b5672a10f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-resource-server", "version": "6.3.10-tuxcare.2", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:44e11b14-543b-5664-9465-575a3e1d584d", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee85d42c-0426-58c8-b2c9-eb5430c73732", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30749ac2-a8f8-5741-a5ff-80bba534b2a5", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a7f5426-e3b6-5fdc-8035-046564cec9f9", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e9cc1c4-a1e6-55f2-ac1d-ceaa521408f5", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2233819-01d9-5697-a783-1a6f8eca0b60", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.2" } ] }