{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a6ada344-dab6-5f65-acc4-c7b9f5b6f695", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "6.1.20-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1be2fbe-ff1b-5272-8248-e18e783961cb", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e04ca065-cc10-5b56-b13e-33ab4c3929d6", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e08a2073-aa2f-51ad-864f-bc6421b6307d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a4a34a3-2e86-54fc-a13c-14defc5bc99a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a37f55fb-cc66-50f2-8c1e-dfc1c0980388", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:223003df-bddc-5340-9bff-9c695b0b286e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f6e9a74-a36b-5573-b311-1e7fece2eeae", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0b37c36-f0cb-542b-8408-2a5a2a2e94ad", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a04b50a7-ed6b-55a1-a5c9-564545dc0415", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c29e7d0f-0b57-5e5a-8012-16a43cb095bc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.20-tuxcare.2" } ] }