{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:5c6493f4-22f6-5961-9a30-3c78b43953f3",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-webflux",
      "version": "5.3.31.tuxcare",
      "purl": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:bc389a4f-2924-5d31-9c80-0420ceedc56e",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9094154c-9f8e-5861-a235-a179002f95f1",
      "id": "CVE-2024-22243",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f644714b-a6c8-5b20-8fd3-d1b4d0d675f9",
      "id": "CVE-2024-22259",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:38c5a9d2-34f2-5c41-b150-f3293de54208",
      "id": "CVE-2024-22262",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1e88ce51-4b8d-53d5-a632-947e50668327",
      "id": "CVE-2024-38808",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a870050b-b7a4-5cb6-8fb9-d82193f3d4f9",
      "id": "CVE-2024-38809",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ffef6272-fbf2-5d5d-99f0-3d588e1ee3d7",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4d2f42e6-05b5-54c8-8fe8-fcbe75d8c99a",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d8514e22-613b-57fe-b5c5-ced414319096",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:06831aad-07de-5f96-9b2f-22a0f1a87892",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4f0d9349-b6b6-5c16-9fde-285660f6b047",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d9f95f80-788c-5d55-b546-86e8ab5a44ab",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.31.tuxcare."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4138309c-6a38-52b6-83e8-48dc97dd5cf0",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a910d073-b9cf-5635-845f-414c40ff530d",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ae999fd9-04c4-5994-b29c-a7e6c21b3b16",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a9aa7973-627d-53d3-80e1-23316e5d9761",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:94e0dd98-1e25-5905-97e6-e8ff229abb9c",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31.tuxcare"
    }
  ]
}