{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:13c1f643-a476-5d16-8315-ad161d154a7b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "5.3.37-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a6bf7169-3ac1-5a28-98df-7f0f26f7abe0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc60ef71-d943-59b9-9a5f-0a8e96419b6b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a99d632-1440-56a6-ac23-8fbd28f93d89", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f59cc3c-daf2-5f4c-9f7e-68c3de98a1d9", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e771fbab-ff2e-5912-a063-6797534085b2", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f657dd5e-3447-5d94-85d6-5a1695a1e2a1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0094a19-a46b-5177-b74a-ef436c2021fa", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f094ed81-6c78-5c9c-9437-ecde3351983d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa2523ad-60ec-5b45-b149-eb60e616759f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:451016f5-d1d7-504b-bbdb-990d980b5e99", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34ff1c7d-65a6-592e-9653-67a73d91a443", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa5f3ceb-593a-5145-8d09-97af63f93a91", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a62b6449-e292-5a62-85f4-1c978001b3bd", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@5.3.37-tuxcare.1" } ] }