{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2b29f5d8-364c-500a-bec3-2467dc64da94", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6c33864d-30a0-5db5-b282-a64064584154", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6748f1da-a862-5d51-b41e-259038e00fcc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:205feadf-1d98-5865-ab33-416af4e748cb", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9d4925dc-7345-5591-9668-7b99cad6e44e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9cf99bd4-d596-59d4-bdb8-cf21c32517a6", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bebff241-bfa5-542a-8c2a-0da295b4842e", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:55d00a8c-4ea2-542c-84ec-1803162d41e8", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:66c835fa-11dc-58ae-ba8e-1cf762f4b05b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3222c658-6f4f-581e-8caf-c953441d2cda", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a851c216-aca8-5993-8654-10739c1ede26", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4fd91570-36a8-5144-86a0-73132d2d77dc", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5e3c89fd-58dd-54a2-92da-230abb1a16fc", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e9639208-e4d6-5e0a-bb24-92de55293708", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:860cb9dd-c3b1-5b3b-bc5b-dcae264e1ae7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:acc5027f-b7ac-57f6-83d2-bbb5c14ac349", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:44303a05-0a96-5a67-ace9-50331440ad4d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c15f9134-6408-509f-b6d1-992c29ff9fa3", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31.tuxcare" } ] }