{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bce4e103-a585-5ff1-9038-19c911d0958c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.37-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e4403988-bf26-55ee-8616-30b7d557d2b9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d61d2c90-a408-5af8-a39a-5404938b0fba", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a9e76da-5519-5f60-8ad7-0cc35d741148", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b49a9b1-ae8b-50ec-92d5-3f3c2d029aa1", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b833bf1b-396f-5be7-ba8b-60531f4a45a1", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e28dc89b-86c6-5dc8-9551-18f5bb1980b2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b7d724e-9966-5823-bfb5-a6dd9bfe73f2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49e3f417-a9da-52ed-a4ee-532250cf7c8c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ce749c2-b9a6-5a5f-8dc7-d52df237131d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:188902ce-48cd-5fae-b611-638e3f6c3dfb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23dfe69c-3fdb-513c-8f1b-8abb154edd27", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c20afffe-0b18-5423-83b4-cd467d8fd2cc", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0ba3819-ae13-52ea-a68e-1e49c87df59f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.1" } ] }