{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:71f43042-04e7-5a09-a25b-797618d6a3fa",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-instrument",
      "version": "5.3.39-tuxcare.10",
      "purl": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:c9b6846a-b5eb-546a-8456-85b67753e38b",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0562b915-7279-59db-bc8c-bb6e49c26c6d",
      "id": "CVE-2022-22968",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-instrument. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:556089f0-3713-5444-92af-50584c8b0a48",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f839c228-ea7e-5aae-804e-363dddd49620",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ffccb343-dace-53ca-961a-9823d597b5b5",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a6e3e1b8-d822-598a-a5d4-c2fff501920e",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1222d2c2-8568-54ac-a206-04dbb1767b8a",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6075361e-72f7-51d5-b76d-6760f8e12175",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.39-tuxcare.10."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a9a5a8bf-7cb5-5d67-89f0-c944210d7767",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:813dad83-4aa5-5c4e-a4ad-2235817ff0e4",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fb7c1f01-4f2c-5bb6-8e0a-739e11e178a6",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6847abfd-30b2-5853-86ea-ca52c582f926",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d20190e4-3670-5000-a223-4e4d0efaa016",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6918214-bc75-5ee2-9461-7a0a1dc7c5a2",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cc322b7b-6ec7-55dd-8000-705ce647282a",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e0b9b140-87c3-5b72-b9ab-f2c78d24a372",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39-tuxcare.10"
    }
  ]
}