{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b0eb88d4-2370-5282-8c27-2220f0ff6d09", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.37-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a4e91c20-e38b-5e69-a548-d9c91e73a22d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9214aecf-701d-58ca-b36e-d1e5aa7e312e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfc8e386-b223-5d35-9e69-05b123491c62", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a381aab-159f-513a-840b-ef3e02d6a478", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5de2e0c7-2d56-58ed-b444-49507fc79cbc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ec79e86-c943-59e7-9f07-d745b7322c9e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36959cbe-8ae8-5dfb-9d40-3b8c315fd25e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:948720b2-fd9e-576c-9033-679832d5e5b8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06dea91f-27dd-572c-94b3-0081820f61f2", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:199deea1-8668-54fd-8ca6-9dd51211f15a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a511068f-733a-5777-9c3a-13276ef60f0b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8c32b50-1eb9-553b-900a-b5339df375a8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f66c882a-7e1f-5d5d-b8ed-4e5b5aead100", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9576e0f1-572b-5b8b-99ca-5fd27ae6795f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:342042d6-2472-5c4a-a61d-d9cec3e751fe", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e632255-0a8d-5cbd-9c9d-7a61ca95941d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.3 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.3" } ] }