{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2a6f994a-cc6f-5346-b792-ca9fa3bf0e54", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a3f45a28-f6d9-5ffb-bbde-80bc38fae425", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0455db5-5905-5ca7-9a25-03a74012088e", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d1b8cbf-08a8-5557-98a3-8d0aa86b4b49", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94136a03-83cc-56b3-b977-0f884cc44632", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7ef4c99-3878-59f1-bded-7be2517fc262", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e60b59bf-7974-56b8-9b22-50a0ecf4a643", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:877afc8d-dd4b-5232-8571-ec5628a723d1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6044712f-637c-5803-92da-2303c853bb4f", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4d591ee-c5fd-52ad-b051-39251c328d9b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:165b5937-6a43-562c-a951-aab4c492fda9", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:915e4641-39cd-56ca-8c90-c67f17f42fcb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e21cec1-675e-5d57-b6dc-8d20fa06baf6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58d7c3e5-7a83-5e22-809b-5aeb0ce232c6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f28e9ab-2525-57e5-9705-b671278f1a21", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:280e7cc8-aa8b-5e95-927c-051e189752e8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b80d95f7-7447-557e-ab8e-a261c5016a5a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeb34690-b4aa-5902-845f-3e5eb474a23b", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-instrument 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a3b4633-e1e4-5fe1-bee3-a61fac18db0e", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14801799-f8df-5cc8-a131-6ddb6dc19ac8", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e07ba267-5c30-58cb-9f9e-bd8979d90c03", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:231920db-9f38-5972-8a28-0f954f48da36", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f68b909-a5ab-5ff3-9d84-76e7b409486c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70724bac-45ca-5fdb-93c3-d5af6d3433b8", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d59ba920-2f40-52f1-bb1a-8cdd552c754d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6bf1ed7-539f-59c7-a3e2-9da8c65247aa", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1ba874a-3413-5e1a-9236-fac4119cc446", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1d6552-7ee4-558a-9987-58d983bfb58a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3320a4a8-aa89-5a63-a3f6-13efae41e405", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7330aed-ca50-5174-996b-1d8e3eeffae5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.1.5.RELEASE-tuxcare.2" } ] }