{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:a240741d-91ad-5bfe-bf35-6cdf08395b38",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-r2dbc",
      "version": "5.3.39.tuxcare.4",
      "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9f8da57f-d729-533b-b6c7-abd2d08073b1",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0d8f67d6-1145-5685-b894-0df3f1f45fcd",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d9569939-2a85-5052-81fd-8ae5e4606c1b",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dba0fb98-9689-50ae-af91-4d8a0e5ccee2",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8d2396ae-cdf9-542c-a9a4-392760b4d0fc",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f45ff6fc-9ea4-5027-bd8e-7f0607443dea",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1a7818bd-387e-5321-a5b0-b321b2a834be",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.39.tuxcare.4."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e34007e5-c31d-532c-86da-2a2307d9f52f",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:29298aa8-1344-5fb0-9000-1075904e194e",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f21b62b3-ca95-5ef5-85ea-a107d48a3b23",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:78a4e09d-3007-56c9-920c-af46fd902b68",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:09076713-8ea7-5085-8cc6-a60d9f87d244",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.4 of org.springframework:spring-r2dbc."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.39.tuxcare.4"
    }
  ]
}