{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c018287-e9ef-5165-9988-cd020c174350", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.37-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1b0d75aa-12c8-54a0-9f46-dd582bafa7bb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57baf88b-76ae-56b8-a2aa-32c78cdc0f8d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c4b6a25-c66b-5775-80fc-f5fbc4cce84d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e18e287-1d59-582e-bffc-3e5a3e7ca91d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc1d9f4e-a649-59d0-a255-8c421cc42c7c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59767209-f9f7-583c-b17b-c1133bbcf4a3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:425393fd-5f29-5d09-937d-d91033d9be93", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a321467a-fce5-502b-909a-af7ef421b10e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67a65698-dfaa-5862-ba89-64f4a14f27e0", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77100d43-1aac-5497-aeee-0e967a6b923c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:476d0049-a58c-5222-934c-daa9a6989162", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:207bf768-a731-5e75-8acd-cef7f9ce31f1", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e64504f-980f-506a-9698-a2c99dd522b8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.37-tuxcare.2" } ] }