{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b78965d3-39c4-5bfa-a408-467fb8b96b10", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2", "type": "library", "group": "org.springframework.security", "name": "spring-security-saml2-service-provider", "version": "6.3.10-tuxcare.2", "purl": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a13ce135-f21c-5c21-9cef-f5159b31a5da", "id": "CVE-2026-22732", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22732 is fixed in version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e1f9efa-2b7a-5675-8431-6a042a299984", "id": "CVE-2026-22746", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22746 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2eec136-5142-55a6-b8e1-584fc3f6a01e", "id": "CVE-2026-22747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22747 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d97de7ea-8f79-5ac9-92d3-31a261fc46d3", "id": "CVE-2026-22748", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22748 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0502046f-053e-573a-9ae7-e03f085d735f", "id": "CVE-2026-22753", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22753 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38d43a2f-85c4-564c-9c6c-f73108c0546e", "id": "CVE-2026-22754", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22754 affects version 6.3.10-tuxcare.2 of org.springframework.security:spring-security-saml2-service-provider." }, "affects": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.security/spring-security-saml2-service-provider@6.3.10-tuxcare.2" } ] }