{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e10f6c6d-f0f7-554a-8ae7-f4333b4635be", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:360821f7-04a9-5a9f-b5fd-6cff43f91a27", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df100d11-574a-56fd-afb9-b81b464dc43c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1cae841-9656-5050-a0d6-4028101fed5e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cea6e93-144f-5c71-86ad-b1df952ed6d0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9616e712-4d02-53b7-9f50-a65c1eb8ec5e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1dd81ce0-16da-5ecf-bd2f-d93a05e0033d", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abae8215-c339-5b40-8b1e-7f18a2683940", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e83d8acf-a01c-5330-91e0-232d939154e8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c98cb6c-0bd1-566b-8871-963aa18fc4f6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfefb8e3-d6a4-59f4-aa8e-fd8410b7f496", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a07cecc-572a-56f8-b474-180adfc58a82", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c05d2c4d-7821-569a-b41f-54cc57d58e8b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0522eaf-d52f-53ba-8690-51261d0f2a77", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:074b06df-92f0-594d-9c9f-d5489983a91c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23e2a543-357a-5b00-972a-8da6207978ec", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cf74f3a-d8c3-5a98-8065-f862aef62e75", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:711076f6-8936-5843-ac25-0193730a9e4d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a05bf13-1cac-56df-b6a9-228b9c7b877c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fd2a288-4d97-59b8-abc9-dbc53d5f9887", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30f5c2c6-3a0d-53e3-818e-5eeba1842a9c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0045390-5dcd-5cf2-96c9-b76c254a3d5c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d7820ab-487b-5bd7-87f7-37fb5ed63df7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da83893a-7701-52a2-9864-9c012025d925", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13356b59-e535-5b4e-9693-ed3163d39f8f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.1" } ] }