{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:326e17e5-0948-5b44-ae1b-5c3e577ad1a9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.25-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7b20a7ed-d47f-571c-a6d4-dd098aa834ee", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4891bf9c-15f2-5cb2-b27c-0038c8d5d2a9", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af6bf83a-d579-55c3-a7f0-ab3abe194771", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9d228df-0ca6-58ee-a949-86fe3ee99251", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8df96515-f804-5e5f-b8c9-9d82bdb8fb12", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b10a05e-8b2c-5570-94f0-29a0bb968303", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6886b3f-760a-5bf4-8980-6bf27c8d6d85", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a547be92-6c28-5926-b7af-b01799344a01", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac1a6710-a58d-5ebd-96b7-db47445d221b", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0e87c62-1a8a-551b-b2d6-55a678c104cf", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee56a22c-72a3-589f-a839-4fec3b9fecce", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f05882d3-f6ec-54a2-861c-516de8aba8e5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:768e47c2-9935-5d0c-878f-50251063f01f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:408780de-58f9-52c2-908f-7eb4cde75205", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:140fb71b-eba2-532e-bb93-15dda149de7b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed95cad6-2287-5a65-8588-1ac8018d9edb", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8fb4fa2-1331-547f-9651-c94b0d38ae9c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea37e473-274e-5079-a80c-283794c2e4a0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0afd8dc-a5d9-5dcb-9791-008ec874df14", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c82171a2-b026-5c58-a9f4-8b37c3b5bfaf", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6864cf3-cf65-5299-ae73-6d6d55540098", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e56eed2-a535-518a-b6cb-c1056e04a58a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.25-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.25-tuxcare.1" } ] }