{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a4a25b0e-0d12-50cf-86dc-db51a9f0d5ac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-neo4j", "version": "2.3.6.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fec2c74d-ad38-5c80-b7d2-5456b04a1e49", "id": "CVE-2023-20873", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20873 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e744c5c-3af4-50e1-84e4-7767984a8a69", "id": "CVE-2023-20883", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20883 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d90a4a25-4951-5b4b-9c87-1770892d43a6", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c44c282-d87b-541a-9dd0-828174557d5f", "id": "CVE-2023-38286", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-38286 is a false positive for org.springframework.boot:spring-boot-starter-data-neo4j 2.3.6.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03767240-a245-578d-9aa3-00b5cdf1dc98", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3b3c64a-580c-5263-ae9b-3482fe896552", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcabbab7-a124-54fc-ba9a-002f6b5ef6f9", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.3.6.RELEASE-tuxcare.2 of org.springframework.boot:spring-boot-starter-data-neo4j." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-neo4j@2.3.6.RELEASE-tuxcare.2" } ] }