{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4afe88ba-e486-5f8c-85f7-ad698af717be", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.25-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:65faca04-fd40-570b-a8d6-868d8b2ed257", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8654216-afb9-524f-b29f-0aff4db0fc96", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c07ec25-babc-5d87-8e2c-16224efd7923", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:445b12ce-37b3-5a00-b116-8861a7848ecb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32d82f53-fd2f-52f9-9424-630e702f9489", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8140f65-503c-5343-acdf-2d4958d78b88", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ced74654-3c12-5ae7-a2f3-f7715fc94f32", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eaa46df2-c853-5406-b3c3-5d76b1fef8d8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6072fe43-9ae4-5d94-9a07-4a55b51860ce", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5a387e0-362d-594f-b10a-9d8968f61cb5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf163c7a-b965-5ce7-8063-ce6f209d17f3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca221259-cf31-5579-8954-3058b6fe6ca2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c5b57dd-e463-5a65-af1b-cccec522f131", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5186e04-6985-5743-bc3a-0c3ec6577398", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c65486b-e2a1-5896-9427-9b948125b65e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b8bc2fc-21b8-5229-8ca8-bf08c62f7273", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e4eebcd-71a1-5cb9-a366-8f5961287571", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29183516-1aa3-5c83-b0b2-823d8bbf0f44", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be84d264-ef25-50f9-88f4-976c05f49e5c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c78db921-b564-51b3-8dfb-e36a3eb28557", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:678a1887-0479-590a-ab1a-ade6ccb449df", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:792d0811-d5e4-57c4-9ac3-561434c90ff2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79ba4c17-3659-51bb-bcc2-f3296ae619fa", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:291ae325-0b11-5c6c-bf27-d848e9c986a8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75b90845-8516-50e6-864a-aae70488f4bc", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f7952dd-d088-58fc-8ead-4bb8c2fc7ec8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d934db1-55f8-5280-9a2a-57b6081ddb8d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9eaf871-22a2-54e7-8e8c-9c79c9929f85", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7520b225-da2f-521f-b37f-81e307720276", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5315575c-e672-5dd0-817b-3deba7aa438b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60f692c6-a82e-5489-9aa2-f51efa362ded", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f09be24-0aa1-50d5-86da-91194b1dafa9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a14ead7-4056-5abc-a770-44af0167c2ef", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3bfeef4-e4df-509a-8db3-a6da7a125900", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77c6e147-f71b-599b-ab5e-a0e205f278f5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0925a1bf-9891-519f-aa75-971f9fcb4c35", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66dae2b9-3a2b-575b-aed1-b8a67f064aa6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ddf6ea9-6470-5cd6-93df-fa6c0d9c7bb2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:783f689f-9b6b-5ed8-892c-c25035f04d12", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }