{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8e28c376-692a-50da-8c02-03ef8ff06c21",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-oxm",
      "version": "5.3.39.tuxcare.5",
      "purl": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9656dfc2-66d4-51b5-a4f3-d9a3c4ff9698",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:35f5fc1c-fdfe-5924-b199-3e6688963b75",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:54dfb483-fb57-55bb-a8f2-e6eae9fb5702",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ced3732e-40e6-53ab-93c4-8d83cb71ab81",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e8037a47-8e97-5439-9ca4-179a0039d3ab",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:afcf7e6b-2b83-50c9-9b87-de324892648f",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5602e590-1244-5f58-ae90-221ce5336b4d",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.39.tuxcare.5."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:004c8e48-71cf-535d-a621-08dd4251e76b",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a0a6c659-8de1-5cf9-81c1-e2294ac9ef0d",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ffba5627-3089-5e7d-a2ff-a8c11b654e2e",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b7b32f7-b843-5697-a3ac-a1ecbeeb3395",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:80aa7fb3-1cde-564d-b34d-d1fee1f715ad",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5"
    }
  ]
}