{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:45e1fac5-fdda-5c32-8158-111b8cc22913", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring", "version": "5.3.37-tuxcare.3", "purl": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1d99a6cd-eebc-5ede-80fb-23a6eae255d0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75fa49b7-9c2f-5164-aa81-b71f161c574e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:971495c3-83a5-5964-b941-46acef3b368a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e34953a9-d6e6-5f9c-b4f8-9fb89ba17542", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e39f20b-aee0-5102-9520-c4ae1d132c35", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca6cf667-f7cd-5131-8a11-47c275dc2530", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ac05238-67fc-5043-8fde-0cebe67fd1b2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4a60a51-c045-57ad-a972-5ce3c2add709", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3f08375-3cf2-5956-a058-d361b61db4ab", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0b7f998-39f3-5b7a-9190-e56d47a1350c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80e15637-f811-51c6-add4-e18317a070aa", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:706126df-dfe3-5cdc-ae59-15297ce955f7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:174cb50c-de7d-5d07-8031-e98eedacffd6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.3 of org.springframework:spring." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring@5.3.37-tuxcare.3" } ] }