{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7e3b177b-a13b-5c7e-a6a7-f636a00c6007", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "5.3.37-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:728c25e2-4788-5c27-8e74-c7e1ccec7dce", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76c6f909-4c4b-5111-a391-ead418bc2ac2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62e5dc3f-a82d-5a3f-a674-85310061da75", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:155d1479-9c6b-5d35-aff1-e732378095f5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cfdc46cb-ade4-5953-9c3a-fcbbb07747f9", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08738cf7-e321-5a3f-976d-7830f2cc4dfc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61c44808-3259-5e1c-822c-93fd5aec4f7c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5679bb2-19fe-55d8-a62a-d2d50d60b7b7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48678aab-cfd1-5fff-8425-1b171a0b7d22", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3395da6d-a466-55c1-86b8-57b9110f3f45", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e7bbbcb-9820-5db2-82cb-0a6ea440a14e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df9021de-871f-5233-a8d3-c7e68c3ba8b0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e599e5b1-0b26-5478-b68b-137716f51c29", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4b94b6c-493b-55c7-9e40-c95326c2709d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25557d4e-7eca-57cc-b403-0251177ce815", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d812a74-51b5-5535-85a1-f3f43fb70e4e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@5.3.37-tuxcare.4" } ] }