{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:677028aa-f8da-5676-8668-812506b42576", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "5.3.39.tuxcare.5", "purl": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9656dfc2-66d4-51b5-a4f3-d9a3c4ff9698", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad4f1f16-0720-549f-a9f9-62a1b089feb6", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-oxm. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:35f5fc1c-fdfe-5924-b199-3e6688963b75", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54dfb483-fb57-55bb-a8f2-e6eae9fb5702", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ced3732e-40e6-53ab-93c4-8d83cb71ab81", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e8037a47-8e97-5439-9ca4-179a0039d3ab", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:afcf7e6b-2b83-50c9-9b87-de324892648f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5602e590-1244-5f58-ae90-221ce5336b4d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-oxm 5.3.39.tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:004c8e48-71cf-535d-a621-08dd4251e76b", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a0a6c659-8de1-5cf9-81c1-e2294ac9ef0d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ffba5627-3089-5e7d-a2ff-a8c11b654e2e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b7b32f7-b843-5697-a3ac-a1ecbeeb3395", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:80aa7fb3-1cde-564d-b34d-d1fee1f715ad", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d24c547a-9440-57f4-8f7c-7f77ed110a82", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a34b72b0-24bc-5c99-8894-cc9345220961", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff705ef5-db8e-56de-9107-7627c8a61248", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@5.3.39.tuxcare.5" } ] }