{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:49f8c81a-d066-5c4e-85a1-8f94f58cd163",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-expression",
      "version": "5.3.39.tuxcare.5",
      "purl": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9afa0b64-30e4-5382-8a38-df70c206343d",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4c2b025c-8d98-55f4-851d-25ce2943c9bd",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9062ecbb-a2ca-59be-b226-2808b82a3cc8",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f7504ee0-516f-5677-93c5-3b3413b73ead",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aab3e6a6-326e-5ed7-9712-d09f7465c254",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:603bbd10-a3a4-5ba9-b0b2-7dc82c5f0ba2",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4c0e1a47-da5d-5fbf-b4ca-f29965215ed4",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.39.tuxcare.5."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4f09b4b2-59a8-5930-9810-f89298d176cb",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:235365a9-007e-5106-89ad-2ff9fe1e11ac",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6d70d99d-fcc0-5f7f-97e6-f70cf653b9be",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1689dd1d-9277-5fbc-96fd-6c1627753ee5",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a87f8d44-8f6d-5764-9e0d-3b8e555a1ae4",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-expression@5.3.39.tuxcare.5"
    }
  ]
}