{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d24f2cc1-0554-593b-917f-813ff502eadb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.37-tuxcare.4", "purl": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3a54093b-98d4-502c-b6a7-303ed642b8f0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92e29de5-1c25-5a5c-8f03-aa974a404a85", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:026931ec-84d2-5cca-a727-06fb3c498c0f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6204f7e-103f-5bc1-b2f7-c2aec56f72b2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b760c53c-2ca0-5163-9e86-68e413d3e74c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06684d9b-7e96-5db3-b04c-6263e11e7407", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a169caeb-5a8e-556b-90e2-f182b33182e8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f5a8f8f-9e6b-5a1f-bfce-f814385dfd8c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c053aef-44ad-5033-8ae9-4bb6ebe9e37b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0febdf75-bf2e-5ca5-b0e0-f05a87847a48", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58a2ad50-97fa-5b2b-acc7-79c9bb1d4693", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d094976-50c7-5662-9661-e2e9e38d0cb0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a779d008-2242-550d-9fa6-165c89f57715", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1513c14d-076c-5c32-9ab5-adc0bb18bbbe", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2456bd90-972a-5ca1-a8ca-07a3d3ae2404", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:24c2d10d-17ec-5cb0-a63e-8cc535d83a88", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.4 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.4" } ] }