{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4faf2d07-7ccc-5c6a-baec-c49ad29790dc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-data-r2dbc", "version": "2.7.18.tuxcare.5", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fd57c4ed-36e3-52e3-a8b0-a3a18e009e32", "id": "CVE-2023-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-38286 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3025452e-adc9-5f12-8d47-052f23cd60fa", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b6f30e5-21b4-59c3-99da-21581fcf3165", "id": "CVE-2025-22235", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22235 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7fe25a0f-9734-5f8d-b052-99ef413b6c24", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0942d8ce-f5f3-5518-974b-7c96ad211d55", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58d1b7c8-858a-5336-aed5-fa51215b230a", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4729bf98-f468-5fea-ae8d-f33f00d50cd8", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14691967-b131-5f0c-9dd3-b1b074ae5ab9", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6bd9158d-85ac-549a-b216-c07c3db55259", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18.tuxcare.5 of org.springframework.boot:spring-boot-starter-data-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-data-r2dbc@2.7.18.tuxcare.5" } ] }