{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4dcc22f8-8c63-5581-8a39-6e303ece6f49", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:97055e39-bac4-5b35-a70f-27ca2a62bd38", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:00095dc2-a885-5319-b270-ee40172f2dac", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0cda8c59-ecf7-5929-8200-878160a6380b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fab4e11e-83c5-5bf5-b85b-b298a98eceaa", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f2e42b79-fa5b-54a7-898a-95370c0b72c8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:89479114-1b12-5e7d-924c-68628ae83859", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:65a67dea-3255-53e3-a5f9-d835ca5f4ab8", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c2a88671-04a0-561f-b73d-b7153c18d784", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a195cd00-6fcd-51b1-9443-c83b1f3ee0ea", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5d145662-8309-56ef-867c-0d06a87dd544", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:63e7f2a8-c758-5bc5-8d30-0a0607bf842e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd6f8f25-78dd-5e28-86c2-e450655ac957", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:68f31f55-eeb2-5488-b313-c5e384ba487c", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:51f0d108-a85e-56f1-9ee0-a407939e434c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e826ca6d-7555-5c7a-a221-96bd921dc7c8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d0d35e10-cfa6-5fd9-826a-8fd858d757c6", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fc6c8914-a2ef-5475-af0f-05faee7bda11", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:90e02b2d-5897-57f2-8582-ead3ddcc0514", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4d37ad2f-942e-583b-9a98-22445ae0d4a6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c8d28a55-46c7-52f0-8733-23a93ff7d02a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9608660d-4477-55d0-825a-4ec38a6bca38", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0f29ce3c-8c66-509c-85c2-6e83000647b2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c5a528a8-e6d4-5073-b54d-4744f60f39c1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aba8e9d4-f87d-552c-8f19-6ac1b1e5e03a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dc5a8390-3600-5564-88d6-6a2360002af8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a5b34a55-5d2b-562d-8fe0-0f931506aad4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ed471494-a575-576a-b7ea-bf0724ff33aa", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96e4e2f6-c327-53ca-a259-246beb5f633d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9ffaff67-3815-5885-897c-b08020024ed6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9478a4a0-6fc8-5a0e-9e38-20d43c3aac6e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:90ec8c3b-6cf8-5ff8-ae30-6134216a76c9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2c0d7ebe-bcc2-54a0-b1cc-ac21bf0df33e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:da1a9ad7-fe32-527f-a510-d10c290b3bd6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.37-tuxcare.6" } ] }