{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:08f77ca3-88b2-5e16-935d-5ee6300ce4e0",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-expression",
      "version": "5.3.31-tuxcare.2",
      "purl": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:f8f9c3d1-11de-5f3f-be29-44b313b25251",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6ee6eeef-083b-5ef4-8966-514a7a52b15e",
      "id": "CVE-2024-22243",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a4445d09-7ca4-5e52-8ff4-5e13420dcab1",
      "id": "CVE-2024-22259",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7083e697-aaeb-544c-9373-501d16cd7c99",
      "id": "CVE-2024-22262",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c353078e-6920-5d5b-be4b-8ef8811d9f96",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:35d1733c-073a-5293-b775-4df616a39c81",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:298d8c9b-7edb-55b0-9a90-4e058de3046d",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b5a82669-70e8-58d4-b8b0-77af7246b19f",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e19c73b-be34-5939-b51e-e041b1f26be5",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:21bcf2a6-9439-5564-9703-02242afdfc77",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2815ec5-9357-5ddd-ae09-67ee6943dec2",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:18eeac8a-594b-5987-974d-31903e8919db",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.31-tuxcare.2."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:63a9e820-465f-5dea-99a0-d92c59fcdf2d",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4a5f7b67-c2fd-5cb2-ae03-b15b9a691606",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2ec0b057-74c5-5777-af59-1e105a2dd2dd",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d5da03b6-36d8-5d14-92f5-c7985b5c2e4c",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1305ea15-d02c-5f27-8ed3-82ef49ff5dba",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-expression@5.3.31-tuxcare.2"
    }
  ]
}