{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1b778148-1ed5-5bb0-9a68-7124a2255ed2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:19ea34dd-dcc4-55ba-869e-5aaee4b2cb53", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3df3bc29-0715-5d61-a440-b3f2a9645621", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:408a83c6-3fe7-52b3-809f-9769e1c2b295", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ae1f67-8277-5fe2-96a2-7f7e7af5a33b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bc3f59f-6181-50b6-8ba2-2951dc36eaf3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8f9a2e-1031-58c5-9fc0-2a0c5ce19e33", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:131d6884-cf28-57ec-a987-d2eba2bb0299", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf587e3b-2d31-5f18-9dd6-416863aef6dd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:886d0c74-af26-56ee-99a0-cfe1c787d2d8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b07fe6-0d70-5559-9e48-3f10d4bd5916", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ba4f2c0-1f16-557d-83c0-fe60b7dd9877", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c87fbc59-110b-5608-b943-c1f743e0b678", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1200a3e2-57b2-5823-b028-2caac801bec4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:591092b7-622c-58a4-a5b7-4f9b6c8d27da", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bccdf40c-ff8a-57f4-bdc1-f8dcbe3ba31f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38f01bb8-eb2a-5616-a3c8-da5ec9a92e8b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c062e49a-9ac7-52d9-9d15-ca2f042d9732", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31-tuxcare.1" } ] }