{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:65da470b-7642-5615-8b1c-1908c7614e92", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.37-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:58a641ef-7038-55a9-b9fa-47c437feb7cd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6708b3fe-4045-5b15-872a-4ffd6d42785c", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c0d01dc-e949-5409-9664-994de11f20e9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21f64396-a56e-582c-b7ee-a13d1cc3f42b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6c3e814-179c-5924-a676-721cab3db1d9", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37454180-09e6-55e6-b9f4-78049407dd18", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d253f825-f37e-5e98-9ed8-47715daba14c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ff93b98-b05b-5a5e-929a-021d18259c41", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70ab655b-2422-5309-b070-24ae966f8035", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44fb822a-5174-5fe5-9457-f2e8870c6a9f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fea1d5bd-3536-536e-b8e7-6debd3cbef81", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d34e787-2586-5a6d-92dd-f03ad20cb4c2", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6a77cce-32d7-57ac-8f23-bcab38c16b05", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71cb741a-14ed-5942-a37e-edc41d28fa5e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0961fd8e-b2cd-5e8f-8a81-691e99371e59", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:494e8f39-aa05-5012-9992-a8a337ff506c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.2 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.2" } ] }