{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:1b94c6b2-c600-5223-9bca-bfd20f826800",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-oxm",
      "version": "5.3.37-tuxcare.1",
      "purl": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:1fa4365a-edb8-5656-a71a-043e713a8a7b",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5940169f-8c61-581a-be89-340d1cc26d24",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:94d2f699-eae1-53dc-9dbe-231e5432d318",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:867be7a3-8606-55c4-a202-a7a148f99817",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38816 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e7f9ca5-ba09-5235-bbdc-6c34783e93ad",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e4bda8e-4e7d-53cc-a33b-02e15e64e238",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f4c7793a-1721-51ed-ae57-9c14eefead06",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:676886a4-4fd8-58a6-908d-8fa3dd1ae741",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fa94afb0-8b1b-55c5-8ab0-459d05a375b6",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:809e1db8-4674-580a-8600-5c0229097bed",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ebc5b06e-39f3-56f6-a258-2ae376707017",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9fef537d-b448-568f-91b3-39d0df0b129e",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cb906156-2ad7-50d6-9033-f6818a46a20a",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.1 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-oxm@5.3.37-tuxcare.1"
    }
  ]
}