{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:88b17ce6-0d2c-51c9-aba8-21263618909e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "5.3.39.tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:da90d21c-2ad5-5aa9-80c1-35e1503cc762", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d01da8bb-5849-5887-8670-ea55983fa824", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9dcd8670-68a2-5a6c-bc20-49e852ad6eaf", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f593f9d4-cdd9-5c21-a270-cdcd108c85bd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f367158f-c940-50dd-901f-27803fa80fcf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9322842d-0465-56fa-b9c6-7ab2989ee8f8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8cca2574-2a59-57b3-a14c-19c09e4c3533", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jdbc 5.3.39.tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:060e2e18-b839-5248-9482-99b7b9325652", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0101744a-5254-5351-a977-d55a8bb9744a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae31c291-79f8-502c-a080-bc1ea6fd9bd6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e848094-7257-5195-905a-c93ee00d33ea", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dbf21b2d-7255-5d27-b9e6-82eec710f499", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@5.3.39.tuxcare.5" } ] }