{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a8cde6a-b772-5d3d-b938-f64ed8a15ddc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.37-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7140c4f1-5c8f-5595-942a-4b11ff2a4ed8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b759eec-bb19-5a0b-8560-34a4dd0c03b7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fafb0628-dcc1-5cf5-90d6-856a8ea7078a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6afd09a4-5ae5-5576-b510-bc43be8d8402", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:359be2ca-43cc-5f86-a0b7-0978d6ae0c54", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bee96bab-476a-5bbd-b275-07f399771e9d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c48cbcc5-1a9e-5d4a-9d31-076fcd946320", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4423419d-c80e-50bf-a34d-3a63a317a47d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9df0349b-f868-5776-bca1-83bc239cbbf4", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5490926-9caa-5ac5-919f-325da8a1e7c1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06707889-f81f-5e2e-8d6f-6ef29f9c034e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c7e240b-a357-549c-85d8-3dd940987e2b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20b8d676-7886-528b-a4a6-4eb7005c35e8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:35158cb8-f5d5-57f7-ab60-fa1a245f2907", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef893c73-464a-58e6-a603-88964640087a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:50f25e47-a1ef-54e4-9835-d2adb61952b6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.4 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.4" } ] }