{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:5cad7e36-cf53-5eb6-a8f8-2d668bf091d2",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-oxm",
      "version": "5.3.39.tuxcare.6",
      "purl": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:12f218c7-d029-5be5-a792-6d49132f95eb",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e4f944f1-e025-5b4f-afa8-e1d4b08f625e",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:87d4b7b3-19cc-5bd0-b3fb-d03f59248d85",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f9dd6d1c-5211-5f32-8f02-f7aae0343080",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d4111a31-1639-5937-8887-b45d350cfa69",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:145d5673-6289-55a7-ad6e-ca8bc9633281",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9a11b5d5-197f-5d10-87b1-f6135154b31e",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.39.tuxcare.6."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7f1f2919-e533-5429-9b3d-2713701e9989",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0f695461-9f59-582e-8743-a8bf8c383b76",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8bb54373-13d9-523d-b2a5-08f8b9725f16",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86ac625a-34fd-56e4-b91a-08b7a3416347",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5bdffba1-b114-5531-aeaf-0437afb8e677",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-oxm."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.6"
    }
  ]
}