{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:074271e5-a5ea-50cb-a139-5375e3f08316", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "6.0.23-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:950393e9-dc37-5de7-902c-63ebb2bc8a29", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdcdb9a9-18b3-5a8e-8c52-b2a4192c3cf6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b922b82b-5dad-52d8-8349-49a03f5e117a", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2feb8ded-e334-5171-aabd-522880f087b2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:985a17a0-735e-52a5-bc19-ed956c99d8f1", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08bfcf16-a371-53fa-9877-b40afd7e625f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:474824ae-0bd5-5896-9fa2-144bbe9dfd97", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b103da5b-ec25-5b56-928b-4b242b6ce548", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0000fdb3-3275-517f-a770-f955d2705758", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:701e5a76-f35c-5188-bfb3-9a1455bbace5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.0.23-tuxcare.1" } ] }