{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b46992b-dc02-5b07-b548-9bb91fc3c5ae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3", "type": "library", "group": "org.springframework.security", "name": "spring-security-oauth2-resource-server", "version": "6.3.10-tuxcare.3", "purl": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b0521b72-b3fb-5f29-8ad5-4e81a20712f3", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62012324-3828-5d62-82f5-70af8c7d0e40", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53ece749-4a8b-517c-b51c-9119b6d26159", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52295c45-c6ee-5f72-aedc-38363fee2c07", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0193131c-12c5-5de2-bbff-514de349c2a6", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60bce9ea-3ed4-5cd7-91db-4d8f4b63bd80", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.3 of org.springframework.security:spring-security-oauth2-resource-server." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-oauth2-resource-server@6.3.10-tuxcare.3" } ] }