{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:a0d937a6-e723-554b-84e8-e405fc2e66c7",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-tx",
      "version": "5.3.39.tuxcare.4",
      "purl": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:f9468dd5-c186-55d0-978b-bd0adaf279fd",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1202b82a-b952-5e69-8b13-cd9a50c4e350",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:39eb9a05-d0f8-5f7d-bfa0-56940247fe2f",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:292cf8ec-9d0e-5b86-9f64-15a73a03512f",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:66aaefe6-f931-5b4b-a9eb-931c500a4cc0",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:69685f81-5b9c-537e-9e1f-865fbfe623da",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d49d8257-148d-58b0-b90b-3710b2ba6097",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.39.tuxcare.4."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34249caa-69f6-58c3-8bf0-f260b09e6253",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:518a91ef-a5ea-5054-9f48-9562b5128ce2",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:65aa57d9-58eb-5378-a7ce-5fce6988a01f",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ffe57f11-58c4-57c0-9e65-040e446e4c5c",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5751b08a-be32-50b3-a4cf-de2aa1728d7e",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.4 of org.springframework:spring-tx."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.4"
    }
  ]
}