{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:b8e00392-a86d-5702-9198-f9249113620e",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-webflux",
      "version": "5.3.39-tuxcare.7",
      "purl": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:5783a651-39bd-589e-973b-0c970300021f",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5c98be36-cc4b-57b9-ac2b-b7a62bbaa212",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e2a5fe6-2107-5549-ad55-2dc82f877377",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5cd6a77d-e23a-5d35-95ed-0cb27ac30afa",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:641395cf-9807-5554-80d1-93fa4f7626d6",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a707d878-a4a4-56ac-adb3-a270d95959c4",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7f01ffeb-aea6-5b27-ba1c-62746e2fa050",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.39-tuxcare.7."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa76b6cd-8edb-5a1d-9621-568510101ce0",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0d28fd07-0922-54ca-9a1d-42c570b29956",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:9fd91d7d-d4a8-5b54-a9e0-1416c1c89b3f",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e7f65d63-8724-527f-9712-d608bb123a1c",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a4bc0558-8c00-5d3b-826e-9bddbe1b74d1",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.7 of org.springframework:spring-webflux."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-webflux@5.3.39-tuxcare.7"
    }
  ]
}