{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e17ab94e-8c8c-53a7-98bc-717b27b8b6c8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-webflux", "version": "2.7.16-tuxcare.3", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:99902d14-8d63-5096-ab93-6ea822b37bf4", "id": "CVE-2023-34055", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-34055 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99cee9b7-244d-5592-b8b7-661169d52ef4", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bdb0cff-0880-535c-9245-2c81d9ff3f01", "id": "CVE-2024-38807", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38807 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c825d92e-b81c-5ec2-aecd-940545e857d8", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f59fac66-6d34-5346-b3e2-15ed628850c8", "id": "CVE-2026-22733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22733 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4a26a44-b4a3-5563-aeaf-2f4b90c4b291", "id": "CVE-2026-40972", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40972 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5998cb0b-94a9-596b-99b2-8a45e8278bca", "id": "CVE-2026-40973", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-40973 is fixed in version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9634b6f-0c54-535e-8e46-a5aa1d35ac56", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37fbdeb7-41e5-5d00-a886-fa539cd2afbc", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d10c3b5b-fc24-57dc-a7b4-59aa8e1b79c9", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c034798-a487-5e56-bd7e-d5b875c89b0c", "id": "CVE-2026-40992", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40992 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a92a1d8d-d7fc-5ce3-840a-bb25492fdb51", "id": "CVE-2026-41001", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41001 affects version 2.7.16-tuxcare.3 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.16-tuxcare.3" } ] }