{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cbd7aebb-dac1-5076-834b-78091f48c722", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:453936c4-b2f3-59a3-8a29-868a6a269f34", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb68ce34-80b4-5cf0-bc22-c63a673e0812", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7f4565a-c7ca-5600-a65a-536dbebd90d9", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e9bd27a-d4c7-5eed-9693-5102bb8be210", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04aef197-3ad4-5a59-bf0c-32b7ac12f791", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45bdac06-92fc-58c9-a506-00d9f4005598", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3f5c3e3-1317-52fb-8fa4-bebd1c1cff32", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89039ec4-cd95-5eb3-9e03-48d9d5481ed1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6391c1da-6447-54cb-bdab-23c48c5602de", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d36f9462-fd36-5f41-b6b2-49f8622f5191", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc0d5f34-3541-5332-9999-351061e9c973", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd8b762c-3f43-5d2b-9d66-72f0955f9028", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e8ae22f-3d29-5b1d-aa90-eacb9ff6c38f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f1cb291-657b-53c9-aed5-e3fbbfcece7f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f227d41-b66c-5057-824e-4d76cbe7b2f2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85a91ccb-bc4f-5434-bebc-99a2132594e5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72cc42e6-4387-5e99-8267-9f2be46a8803", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d0d8644-486f-5f75-8e2e-5fd80a526fb3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd898e48-a74e-53df-b272-aa63d0f8e49a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28011f2f-1fd4-5c91-8cec-0889b90a9119", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }