{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:2cc1640e-15ca-5f91-82a0-6296b324e085",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-webflux",
      "version": "5.3.39-tuxcare.12",
      "purl": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:9ba06e49-145b-5d5e-b808-523bfe924281",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b068e9fe-6ab4-5cb1-8f58-2f59f130f420",
      "id": "CVE-2022-22968",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-webflux. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4333a570-82f1-5c02-93b2-c620a693e12b",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6e2607a9-c6d1-5fff-8f14-efc7179d46c4",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e8204146-e995-5b11-9d95-ac08e8cf12a0",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f6148dc8-a6ac-5fdf-a569-b372f5b96c74",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cd1fdc87-7e14-58d4-8045-3f7f437bac4c",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f123c54b-1baa-5f13-b048-db53171d1522",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.39-tuxcare.12."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f03e9b61-fb82-5207-a125-cf3e13505530",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:51d6247b-0f14-579b-973d-02ac60c861bf",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:be9140eb-f419-59ad-91da-5aaeca0c81ff",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:21c1f4ef-e8b3-5aca-b8b5-f6ff79d7b07c",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a7b168f6-99e1-52d5-b0f8-1771bc4eeea6",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:34f4c927-021d-50ec-8854-da0b414fbff0",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a935fe36-1bf2-5053-92f0-3897984fd2a1",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:70c5e254-43ae-5c62-a7f0-c93385c28620",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.12"
    }
  ]
}