{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f00af701-9445-55b3-838b-0fdbe4c7eae5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0acce45a-bcc1-5279-ac95-58e15f87a825", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:569b8da8-9117-53fa-8552-69521ae7ccbc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a1d4b9f-5e92-5426-a0ca-92e4dace6e9b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7a47112-e835-5196-8ad8-508199c14d7a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1279fc1-5e24-538b-b570-453f355d2646", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1107c967-126f-56a8-9dfa-c25ef1885b8e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34f17a03-f189-5138-b6eb-4efc3d852cac", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ade5fb4-f9ab-5055-a0cb-0ae83d3076aa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fab5d63-948a-571b-9a51-b7e7bd37dc0c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0402c035-9ccd-5d8d-a24f-bf3e14fbbe64", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61eb9783-fbeb-51d3-9bd4-6936451262ae", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a5496a4-8582-531d-ba39-c2d961d0082e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa5e3325-4103-5f1d-aa73-3e0d9e3495c4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fe2a019-ea55-5bc2-98b4-61fa93d41c38", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73e88964-a8ca-5d79-b5a1-aea8b6c8750a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce9348fe-614b-586d-aac5-db2d9ae05988", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d926cf51-7b3e-5c2e-9caa-75109f34ea61", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9c59bcf-e1fc-5b69-897d-ed69c7d2b9b9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ede84600-88c1-52d2-9e6d-cdab6b3cf362", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ba1deed-ea88-5e39-acc7-8105634f8289", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b33a3e86-d2d7-504b-8a16-4bf733654a8d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7eb3a318-9708-5726-b91a-52709c961d4d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bb8f3f0-5eb9-51d0-a7ad-e6332cc0df58", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5e58ba6-3cc3-58af-a5fa-3448d9619e7a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76cbda7e-0ff9-5d22-815e-d99a14b1be22", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ff32311-bc60-5e4b-bd75-05889f3ed61b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc2abb84-582e-5669-a666-ea729f5fb493", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81075225-5a18-57ae-9c23-05dbb92afff4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed61f3c5-0a26-5ee3-9dea-81daf05d215d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b448be8-b69c-53a7-96ec-33076c8426f3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a8fbc5f-1a76-5e08-b931-b33cc30e6f56", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b35f5239-e7c2-5727-8422-70dbbc5350a8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c836b729-f743-5ebb-8fd0-451570242b9f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de3624fe-760e-561b-be96-163a81d6c545", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec1629d7-3491-5967-b6c8-9386a51e3e92", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ff3a693-8bda-57bb-9630-2ca4eb7444a2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ba0ace7-060a-54f6-ad7f-5d3bd1103dde", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.31-tuxcare.3" } ] }