{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:13530454-8d11-5891-a26a-a190387147e4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:20c509a5-44a3-5172-810d-498d05e3f118", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:101f2029-caa3-5b74-a9b6-10a9a2ed9b5b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88abd693-3b49-565c-9321-e308a1f3ad9d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:156b1fde-30f6-537d-8411-eef5a244b3f8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e280217e-45ab-55a6-ae1e-aefc2da9af39", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d69d85ab-b23e-56e9-9662-240c439bacf3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8f023cb-3baa-53c4-bcb4-e022bc5315ff", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6037b05-65ea-59b8-b9a3-60f4d13efe65", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d790cba-1a2a-5101-a89c-6e9da6b654fc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c1e8c29-3ad2-5bbb-a88c-b44ccd451eb0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1950ee57-5d92-5667-9d32-bcc8e0269070", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e8ebddc-7869-5964-a509-cb9313e27157", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92d9926d-7612-5077-9162-1e8df559a2d2", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02d98c4e-9913-5ac8-b1ab-5ecf1b25001a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68f44f79-a4b9-5beb-8dd2-0bf7acd2d6f5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57da139c-cf85-54ef-82da-0ae508ad8b24", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36c3487f-7942-5da0-bcf4-69c1ccb06653", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef989e7c-ace0-5908-a77e-4a9eebe6619d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c1b3f0e-91f9-59c4-ab1d-3de660bff4a4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a51c1909-d605-5af0-b1a6-ec8781b95d8e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0507300c-aa89-56f0-8b5d-4e3af656991e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5c95bd4-4437-5521-9704-472b6427e798", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b427fe52-6165-5e72-ab64-29bf087cff78", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8120617-db99-51b0-8079-7a0e98bc7767", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84fed81b-be3f-58e0-9e5e-e598e25d2f0c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee85b57a-5333-5402-929a-3fff898a5034", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8adfd26-4386-5cb6-9647-9db18679eaf4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee3da0a4-74e3-5d3f-bbe1-48ea8fc4ee3c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f79f793-b2fe-51c4-836e-eefe0a45154e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9219e1e7-f881-5ffa-9b24-8d232107b5a3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82912337-1af6-56b2-b5f4-b4f988afe64f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4659e5ae-dfb9-5d4f-a5c0-548a3db7238e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52b17738-9f40-562c-a8a1-62bb31a7f408", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e43ec9a-5edd-5c56-88e4-090bd2403057", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f51576a-e63b-5371-a76e-eb6eec1bd3d1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e46ebcf6-541f-5090-ae44-a8630c5ae834", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0aef20c4-d374-5fbc-84a7-14469eadd3ea", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.2" } ] }