{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:ae732773-2415-54ef-a4eb-799a252d74a3",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-expression",
      "version": "6.0.16-tuxcare.2",
      "purl": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:874c85be-8efd-53f1-8814-3c6793d36bb3",
      "id": "CVE-2024-22243",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22243 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:529b59f3-a16e-5d1d-9a64-26227a739bd4",
      "id": "CVE-2024-22259",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22259 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:77fa72e9-778f-51ee-b71e-e8aef6dac11c",
      "id": "CVE-2024-22262",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22262 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:db453e73-5f50-5448-8f37-e99a0ba4870a",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:da4567d7-ab4d-571f-9c83-1e167a99fdb2",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:366cfa73-7dd3-5d77-914a-6fbf05725334",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:edeea0a2-6a0d-5a4c-b01f-9edb8e4a0877",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2abeb038-2c50-55a2-b917-bbb1d7f3a92c",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2412f981-f83d-5c92-be65-b49a43254012",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f53fe813-9b5c-5deb-8a4a-d860a69c7678",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d9c6c890-e506-59a8-bc95-dea26e19ac3e",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:91653315-2d64-50b7-9736-a877436facf7",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:25f19918-b352-52c8-ab29-b68806bc0db4",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f195c2d4-da40-5891-a9a5-3185a55414aa",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f082f0aa-9c39-5535-bd17-4a0c678f07c3",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9744499f-a779-5d77-9458-8d0478cb08df",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22741 affects version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3dab8bb1-25fe-56e7-a7aa-c8a7fe3eb296",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22745 affects version 6.0.16-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.2"
    }
  ]
}