{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:f24a16aa-9d01-5fa3-9f5b-8fcafeba5521",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-expression",
      "version": "5.3.39-tuxcare.12",
      "purl": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:8318b48b-6304-5e7c-968e-818feff7cd2c",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34e8e9aa-11da-537e-8bbb-641c1fe5ee8e",
      "id": "CVE-2022-22968",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-expression. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7a79e495-9706-566b-b2d5-f13d15e79046",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8f845dcf-0f9f-5b8f-8343-4dd1d7b4a184",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:12f85439-6a11-50af-ba2e-55235e513246",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a411c4ad-3b57-5a0e-bdbb-0bea8e3a1a29",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ab55c0af-548c-57ae-843f-3dd6f681ebb3",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0ce20233-4648-51cc-9a29-b1ce087547a8",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.39-tuxcare.12."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:082cf4cd-2996-5462-96b8-a11a665e09b2",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a8889a18-cfb2-59cc-b018-71fbcd8f6035",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d633bb69-9aa2-5b19-9fea-945ebe13f25c",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bd938f0b-4db4-5c8f-aa50-8f11f11f3f23",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c188687f-061f-5aee-8dcf-950f5ed73737",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5338d695-d597-5bf8-b11d-53e251e4f8d5",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ab81d212-ad4b-56d7-99a6-0f8f70972c8f",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d838de9f-a875-596f-bd05-4ba32cc8b70d",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.12"
    }
  ]
}