{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1f43d8c-d7f9-5c2b-a8ec-c282ed2faf74", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.39-tuxcare.9", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:78b783d8-c853-52b5-bb08-d70858276d2f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0da46ff5-ba4f-5c67-b18f-04531c674aa7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:15f25235-4348-5ffe-99ce-53e93f9a5d4e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0faec79b-fea6-5bfa-a36d-c6f1db182780", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:9ebac440-51dd-5e81-952d-a502a0c448d1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:0722aa5e-f0d2-54b8-9d65-e97cb3ddfaf5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:36adc1de-7385-5d01-8f7e-4738ed2de445", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.39-tuxcare.9." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:c2486c28-0bda-5b4b-8d46-f0cd59335765", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:4ecc7b77-56ad-5701-a76d-4b8a47f09f98", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:290f2851-398f-562c-a7c1-07fc12984752", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:89a94346-1488-5238-baf0-7a6bd3e335e1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }, { "bom-ref": "urn:uuid:5306bf83-8a53-5850-abe6-c84971309d11", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.9 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39-tuxcare.9" } ] }