{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8c611f90-25e1-5f6e-ae3a-3f8b31157f97", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d6fe1750-ae51-5d72-81c5-f498a25e890a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c05567c-2269-52fd-adde-976fada9be8f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:968c5ef3-5639-5c90-9e87-d349950ca55d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e54b054c-b2a6-58d9-bafe-04d16da1673e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a04dfa9-3b07-5385-8c44-333e0003bd07", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1453d98-a20a-5f57-a2a4-00fb7041b46e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87519968-1292-5cff-8de9-1a524601cf53", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:806eca72-a9a3-51e9-99f7-104533a81896", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:093a7a04-08c2-5969-bdfd-fe28185f83ef", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c027beb-046e-50c1-ba97-5dc4968d6f4b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:733cb618-3c33-5941-8dba-d0f1de99ab56", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d39b8b1d-425a-5488-8ca8-b87f259f3316", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b508dc57-ef0d-5033-8d27-b1f1616f9883", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d0ebe58-4f90-55ea-8efb-4fb96f143fc8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b35e54f-3590-59a3-9c1b-b1fe8295df55", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2df2f9d-d5fa-55d6-987a-c6234cc944d6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02439852-b0cd-5bad-9a3a-6d72dd130917", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98ec436d-1a68-5ce4-98eb-f4a51ec32bcf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a61278ed-9669-57d7-b897-55372669b1a0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ba68f2a-b22d-5f03-829a-c1ab895e4dc7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d1f888f-5137-5cc4-a727-9b892d6c70ef", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2d60f7b-d9de-526c-bd67-c05d0a3dd114", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ea861e5-9236-5f74-9fb1-4832be922374", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28faa8b8-9cf3-56ca-80d6-7cee34c2bb75", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@6.1.21-tuxcare.2" } ] }