{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:016c2c8c-3360-5c2f-a36e-6cfe0396bfc5",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-beans",
      "version": "5.3.39-tuxcare.9",
      "purl": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:be60b821-34e5-538c-9e77-a6e989b07db0",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9ca3e802-c84e-57fd-836b-c358d1b442ed",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:38bbcd15-b588-5361-985c-0097e056c0da",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3ae87a47-7a6c-5d7f-abcc-0c2fca3bb173",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:738e9bcc-3010-585a-8458-de4db18d12db",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6d00c15-507e-5b26-a490-d22873f32d38",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b04fad0f-7dc7-5886-9216-b33fa4f7b575",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-beans 5.3.39-tuxcare.9."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:59748569-ee81-5dfc-8b77-24b933877722",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ecb47ff2-b87d-531c-b50e-c84f7251cb7c",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7491d181-9299-518e-b872-10691fa86080",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c5e0b221-5b0b-5f06-83ca-946bcbc22d2a",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8b183d9f-ac18-5523-bd5a-7de0a2fb6ee2",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.9 of org.springframework:spring-beans."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-beans@5.3.39-tuxcare.9"
    }
  ]
}