{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:621a9e42-ed7f-506f-937f-573955afc236", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4f38811b-2dd4-561d-bbfa-7c86976f5d78", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3448371a-60a6-5af0-be40-059509e4dd55", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:102fd790-9cbf-5988-92fa-ba9c7b6db638", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec52351a-5b8d-5f15-808d-c60586c5f6d3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9eaed0bb-2b3b-5ccb-a711-213c6b483727", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e22767d-f37c-5dcd-8124-bf66806cfc77", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:489789d1-7bed-56a8-b6e7-8bed7f43a2f0", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:896f20c7-9466-570d-8db8-08de748bdda3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f2600e3-b148-54f8-ad12-8506c9f540f0", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd9d6012-51a9-5549-bc00-a6fd2e038966", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2334427-888a-5dc4-a226-9ca6f65c4058", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e449ed16-0c98-54d5-b2bb-21a3256cbb1a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73c2c634-3e3a-5a3e-ad77-f1fd5f2a1c48", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f968a02c-a575-5291-80a6-649c3b27f02a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71ff54e6-3fd6-566a-8f88-5463a15ed264", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff30134d-e4b6-5258-82c2-4a56e9199609", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.37-tuxcare.5" } ] }