{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f58b0e45-d79d-5e65-b2cc-6c151d2dd5cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:453936c4-b2f3-59a3-8a29-868a6a269f34", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb68ce34-80b4-5cf0-bc22-c63a673e0812", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7f4565a-c7ca-5600-a65a-536dbebd90d9", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e9bd27a-d4c7-5eed-9693-5102bb8be210", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04aef197-3ad4-5a59-bf0c-32b7ac12f791", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45bdac06-92fc-58c9-a506-00d9f4005598", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3f5c3e3-1317-52fb-8fa4-bebd1c1cff32", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89039ec4-cd95-5eb3-9e03-48d9d5481ed1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6391c1da-6447-54cb-bdab-23c48c5602de", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d36f9462-fd36-5f41-b6b2-49f8622f5191", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc0d5f34-3541-5332-9999-351061e9c973", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd8b762c-3f43-5d2b-9d66-72f0955f9028", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-orm 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e8ae22f-3d29-5b1d-aa90-eacb9ff6c38f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f1cb291-657b-53c9-aed5-e3fbbfcece7f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f227d41-b66c-5057-824e-4d76cbe7b2f2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85a91ccb-bc4f-5434-bebc-99a2132594e5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72cc42e6-4387-5e99-8267-9f2be46a8803", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d0d8644-486f-5f75-8e2e-5fd80a526fb3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd898e48-a74e-53df-b272-aa63d0f8e49a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28011f2f-1fd4-5c91-8cec-0889b90a9119", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5672330-3e2e-5af9-9d99-56cfb84718fd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:139e2c44-7adf-50f7-83d5-d4d20b81adf7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63609792-b0cd-5b5a-99da-2ee313e0b955", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6814593-7fd4-52fe-b65a-4b89fea376fd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61db405b-6b74-5e1e-b914-cae741471406", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6201b0c7-52c0-58b6-8051-8544743b896f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:426bc3f5-a861-518b-b8fb-02682518504b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fda4ae74-4eaf-51e3-bb6d-5b76c264a7f3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4734ee8b-4a30-5fe2-808c-0d56498f4569", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:baec92e5-0bd0-5043-904b-a255ddc33a8e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f69a6cd-f578-5674-9245-877bb7c2907b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70899a36-8363-5f0d-a0de-615fe97d3848", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d338ac8e-d857-56da-b4b6-f080f1cb81e9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c712c724-abe9-529f-a8eb-1881c75389c8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0dae9fc8-60c3-5157-8e73-cddc9e7a58c4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba6453a4-2f28-5501-aaef-2eb68a89ba63", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed5c906a-5bb7-5c8e-bf62-0ca81ad5dfef", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@5.3.31-tuxcare.3" } ] }