{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:b50f1b81-bb1c-5106-8b65-8e91cb00102a",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-instrument",
      "version": "5.3.39.tuxcare.3",
      "purl": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:d1b72403-a569-5fe3-9ee5-31ec5200c660",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:58a8ad1d-2d08-562c-afe9-62e83c547c82",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:57dd6aa0-9418-5df0-836f-59095598c194",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e73750b6-8465-5421-83a1-fd03efa653ab",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7a867204-b3fa-52ad-8b68-50829a0255a0",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:db2fb2ba-c8b2-5bf0-b93d-ab4ad9a7a1a9",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2a65f977-6e37-592f-b910-308358af0119",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-instrument 5.3.39.tuxcare.3."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:08908350-b073-5653-8140-3a540e442a0d",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:15a2a58d-090d-543e-ace6-97f81acc5edc",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c2a9aaa2-2b65-58ea-b976-fa09a0264220",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8030dd66-9c39-51aa-9566-ffd97a3bf715",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0ffb7edd-e8f7-574f-8af8-66ff3feb750d",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.3 of org.springframework:spring-instrument."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-instrument@5.3.39.tuxcare.3"
    }
  ]
}