{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:8d9d74fb-a662-561d-9d78-b3cf5ee79c85",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-webmvc",
      "version": "5.3.31.tuxcare",
      "purl": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:e7885ff9-4a3a-5480-8b75-521df1cac2d9",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:15f59a17-0516-5d6b-85cb-9d0578c8892f",
      "id": "CVE-2024-22243",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:685bd4ca-ff83-57ac-b79d-4b39819a9835",
      "id": "CVE-2024-22259",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bd3da2c8-6038-52df-86ff-3fa1d78cb6d7",
      "id": "CVE-2024-22262",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81fe09dd-1a08-5108-94dc-b7620342825a",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bf910a7f-0237-5daf-ac2c-75c85a718c34",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e4ef0061-7c9d-583b-b2fb-39afae461831",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:02f724d8-bca3-5d2a-887b-ce45f425a17f",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dc7301d1-1732-514e-9612-65407940ff80",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2308b6a-fdd1-576e-9cec-0778129bdd5c",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:04c3157b-e20b-5458-8e6b-3eb0678c133f",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3bdc5734-3bf6-5444-b51d-7026d9dbc392",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webmvc 5.3.31.tuxcare."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b4da3e2b-ef8e-5928-963b-644e5529a145",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e0318fc-db38-5450-adfb-4e0659dbb9b3",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e22d18b4-206a-5072-b8af-766e46bed771",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cae61e98-4bd6-52fc-b999-cddc09205bf8",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a2d7a792-0706-52bf-9369-c54b1d7ef1a9",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-webmvc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-webmvc@5.3.31.tuxcare"
    }
  ]
}