{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d187ea27-ae39-58db-a503-372b206dea27", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2fdf825c-86d6-5fed-b9ef-3b954d5a5915", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ae7244df-38d7-57b3-aff7-2172162a5596", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:990a36ec-9c2d-52b7-bb34-d9a5796c91ba", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:302b2f82-b5b3-5347-bbf6-77e758b02d69", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c8ead035-4176-5595-8672-5b5728444d31", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:637cd983-3ce5-5a64-b36d-eb3199a1d980", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e8d1da1e-0a28-5aa7-8de8-e697564a0198", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b8f2a606-c90c-5081-85b2-8a44059b09dd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e8291809-9408-5366-bb78-28ef893a07cf", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8f0c70bf-b1bd-596b-a1f3-ece26e0b7066", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5912c342-5eff-523b-90af-2bd03cb72f70", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5767fbc0-b4fd-5fd6-9d25-35b1fde8a6f6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:82c51cb3-51a5-5dee-b57e-58c64c4d7b4e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:19fbac5c-9e9a-570d-a56d-4eeaa311ade9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:10c0c76f-59ce-5b84-85c8-68189702f3a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a94bce1a-64a8-54cd-895a-9dc2022b7dd8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:db940fdc-27c3-593b-a34f-bc53571d4a0b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.31.tuxcare" } ] }