{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f9c158c8-5805-5a4d-b988-f66c9d22bf19", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.37-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8a3df68a-0f60-5f10-847a-1c0afb87b8af", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72cac00d-8606-5996-b6f7-ce969dabb7af", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bb1a357-af0d-5147-8d1f-e00a700d6b85", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa5f31fc-3c78-5848-a308-57b48f652c59", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42bf08c9-840f-5d54-816b-61e376b62588", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40a2b017-8f46-53c2-bad3-bce753def26a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81bb45ce-5fe3-5017-a78a-47e99aad439d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38eec993-1bb0-52bd-a5eb-e0cbf8cd637e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84bd81da-3506-5567-a954-321ecfc77ace", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c29f200-0bce-5110-a88d-8bc5099acdc8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:970cd97d-3b8c-5a65-b224-38c717a26cb7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e19bf49-3c4d-5594-b082-52e585b17f1f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf939597-38f0-5c32-9c74-3e332c0dcf1f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f73b65d-d9cf-51e4-b3e8-d7901e49a8ee", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f4b1f1a-ca37-5e18-9883-b8ab99523e3a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1902a0e-912c-500c-b569-3b061798c413", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.1 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.1" } ] }