{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1390a55f-0766-5472-9d0a-18a5882257ea", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:84ab5669-95eb-56ca-b8a6-4c4a6aa63369", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b3b91e5-c470-56f0-a307-c4bd437ef0d7", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d486bc0-ff5e-5b01-bb06-6eed618e9ab9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b7738bd-e2a0-564d-92d4-13c63f1ae1bd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:768c825d-9feb-5167-a8d1-faa4171dafa9", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2079f7b-78b4-5c95-a1a2-08debac5b490", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc46f4b5-4daa-5c52-a09e-996ae1d6fa2e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d63f9f8-74e2-5d28-8b72-0a256cb7b681", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c5ebaf7-6ea6-5c3d-b20c-2e3cf6fece7c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57f60dfa-f138-5ad7-87cb-90de5268db03", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:474990be-4a97-5b5c-a7a1-b1bcd12b7bb7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92cc5de7-8c04-5ce4-a1ef-651ba31a2e30", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba82bcc9-7bf1-5784-830c-1083d562b8d6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a11feb8-1226-58f9-9028-904cdffef79a", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:587af67c-e148-5fc3-8cfc-ddf62cfdc5f0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9069ab64-a8e3-5498-ada2-b63abe955e62", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-oxm 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afb2dd32-1dcb-53ce-804e-8dba5f19f45a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:806a9c41-07b4-54ea-bff6-9d758749998c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2edc3209-2911-5125-ae91-06882265fb89", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbb169d9-6e03-5b8e-be3b-451f7db0f7a8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7309e01-857e-57b2-94f5-016b6cc17845", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b76d2c2-31aa-558c-b80f-048a2dc7482a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8df1577d-f473-55bf-8b3c-0b2298efee85", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ebaa9ba-4beb-5637-90b1-33b9293261d3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bf1bb57-c010-5a6e-b095-fce6a44a308b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.1.20.RELEASE-tuxcare.1" } ] }