{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:59b7dc78-a374-5fdd-9699-ef5361b47709", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9ee37534-4f85-569f-9cf5-3ace7d52f190", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b19fb2ef-2f32-5a6a-b104-2b2ae4e740c4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:99eff37b-530b-5754-9e46-d9c5a8d7909a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6620eea2-eb19-57d3-927e-5ae75ff75f06", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d4dc8a5-0495-5acb-aff7-bc142ec56ebb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8cc31675-ea69-5c02-868e-5fbdd8d61520", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48e6b43a-e7d5-5ae9-8d4d-51874109da98", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a04d3b46-4991-5205-a88f-80340066b45c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbf79317-8dcb-5f26-840d-2c8cd947c119", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:525248e8-5689-5925-bd53-9bd7179475a3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf6e6e8b-c635-54f2-bd6b-39dcd1a8e564", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9b9b454-41c9-573e-94da-3e447e211d80", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6fa0a258-2b7d-517a-ba24-334215097f39", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d096ec6d-22a2-5986-abaa-6502f2acdcc6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f43cad97-df4a-5900-9353-601d5c0a2d2f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1093854e-65c5-59d7-8cd4-6159e4911a88", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0298ccee-48eb-5b9a-a095-fff55e1a776e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6aba2e4e-2ac1-5d5d-a8ea-92c58251fefd", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2142f67b-7d05-55b4-b03a-54151a006963", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:512bd4ae-5fe2-585b-bbe1-dc982e173a8a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:273aa01d-fa01-56f2-bdbb-08da15625ac5", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aa984f28-933b-54da-b2f4-2fd11f29821b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a56f42b4-107e-5029-b513-637dc833a2ca", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1130dce8-ee7c-5ae8-889d-6ae6f1b3820f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d5807cf-19af-5167-9b82-cf1ff2f47280", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e61c9a98-0ac4-51e8-abe9-71f37e11b4de", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d0cb8c3-209b-5156-9ecd-59168cf3cdda", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a76058a-e167-5487-94f2-c2548c61233b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:279d1b21-fc2b-5cb7-a645-9977d2d1a663", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df163556-33c2-5751-bd8b-38ced211c477", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:28966b29-e360-539b-88ec-40c1967a4236", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ff5cc3e-7486-581d-bc94-f3ff0e06a8e3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a7b34fd7-cdc1-53d0-baeb-60219836e8a2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:863667ec-8f9e-58b3-9e1c-4ff0aed323e9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f3bf116-bb4a-5d54-8738-866a324269c2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a689de95-dd4c-5627-b339-6793fff384fd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f4b10b9-7a41-5ad4-ba32-f09a544503ab", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.4" } ] }