{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:52f7b9f4-2889-5bdb-ba1f-59c907e821de", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.39-tuxcare.12", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ee3cbc57-284f-53d7-83cb-4ddcd3c2869d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:b180e514-09b6-5b85-b515-3378ce78897f", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-oxm. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:5c26efce-b19a-50fa-a756-1ebf2c013215", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:36e9819f-919f-5b82-a632-935d8b22b8a7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:1addf773-7f85-5f02-99dc-0fd250bb2f0f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:7c558fea-dfc6-55c9-a799-73798c6660e7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:1a42a10e-d72f-5539-8bbe-69389a0d0b38", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:99598d78-b495-59c5-b248-f62b08138a20", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.39-tuxcare.12." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:37dc61fa-c243-5264-8dbf-d954031746eb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:1bb28623-e7c5-59d6-a685-4deb047ac0e6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:b36c141b-09dd-50fc-b89f-0e0d880ba5ff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:74cd035c-d85c-5522-bbc0-a3d2045a23ef", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:32b10cf0-c5cb-5766-864a-9cec61589359", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:931b71c6-20ee-5bee-9c56-0959ce079086", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:990c5a11-0881-545f-be4d-38e33915ad64", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a49e13ad-c17e-5855-9d23-9bbf977e9b8e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.12" } ] }