{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1834cc26-6c7d-5a37-af76-00b603479c34", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c3897ad2-9cd7-5a54-9914-52d5ed6f84e5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:daf22637-114e-59cf-a730-7dcff3e6b86a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:191c599e-a604-5402-9690-46c8cc03ff12", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7a0b34d-c59c-5df4-ad51-7802781dca97", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8d05b72e-9097-5bcd-a70b-b9c3db6793f7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:884a8d4a-a3e2-5cb8-a7b3-ac197f823eea", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:295be1e8-cd95-568c-ae4e-6e42e47ea33e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b908cd6d-c424-55b8-8eae-a7b26319623e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da02b478-5976-5ac8-8f3c-0a2ec0d6e1f0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:249f8b6a-3c23-5948-a7b5-f48b9bec3759", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4259076f-d12a-56cd-a3d6-aed7922d9437", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2c0cad5f-b03d-5e6f-ade6-814a50eb6fa5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a2348c4-5719-547b-8950-ff8c078e8191", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ecb3014c-7a38-542b-96ca-1e6779780c5b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08b90e40-0285-54c3-8bc9-9623f57d8fb9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:51fc9df8-594d-5521-8d95-293875a5db1a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9317f3e-3702-5288-83bf-d9396ffcf739", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25ea209d-1cc0-57eb-9058-a6d4b7f51484", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2a779eff-bfd3-5bfa-aa03-9601a66e33e5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02e65e37-de7f-5805-a629-e7eb807e46a1", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5c3e88f-f474-504b-86e7-770da7e2526b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6b7fa2a-0c3d-5392-a98e-6be0e76a1514", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b4d5919-b131-504b-a451-636b0d253912", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:167503cc-c14e-5e0f-85a3-6a1b3fb04049", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34ccf7d9-a95d-5a87-9b55-25451cc6a85a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4409294-1ab1-51f8-946d-756c65ac3b78", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ccb8d714-d56b-5cda-84be-f4585835f769", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3624a033-a91f-598a-a523-a412f21eda54", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9c4a27d-49cc-54b8-8cce-b38a7c7cf767", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:329822d2-a5c9-5b0c-aed1-5ab08ee3b6a4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b39e82ba-1f81-5e37-9a2a-815e03051ee6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58c2b80e-bfd9-59ed-9deb-4866c1bebede", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:44cd066b-28e0-5e1b-9339-ee560bb2a497", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c8b355d0-7abe-5fa2-b0e5-49c96dcf6275", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39422b34-bf2c-57ad-bb9b-e3bcffda4230", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:abeae26e-a0b2-5491-9657-c30f3db11e37", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13a5133d-7f4e-5952-9e0a-7f0bb2d1b8b1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.5" } ] }