{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5ee3c436-5d00-595a-b833-123cd52ccbed", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.37-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:20f0f122-f8aa-5eab-a0ca-188e60ed8202", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fe6064ed-62ff-52d4-950d-c8478bf3c2b5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d042a37-9229-5611-93c9-b28f02215a19", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30b9680f-ede2-57b8-94b3-4cdb0f669278", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e2c7eee-ed3e-5441-9d02-4844501a4338", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31138c61-8276-561b-9844-cd0e8bcde352", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a81dcd4d-cacb-5d9a-9173-e49bb73ed3c3", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ee1b8eb-cd01-5cf3-8e5d-1dfa52738e41", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81bbbfba-c096-59cd-b523-52fe1f044193", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7b617f6-bd5f-50da-bb79-3099374454e9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8486327d-2683-5e3c-b2a2-970ac92f0366", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:628e867c-7ee4-52e6-b321-96722f30cb90", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bca257b2-2d56-56c3-bbad-28f7b3bbd076", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3064c0ce-6b7d-50b6-a870-e2f17a101dd6", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3dbb898f-9af2-5357-ae77-2fe41fa0fd6c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6eb5f151-f0dc-5806-841c-1e9b2f13eea9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.4 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.4" } ] }