{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:001ca653-a418-5f09-8e6d-8d1eb8da15d8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11", "type": "library", "group": "org.springframework.boot", "name": "spring-boot-starter-webflux", "version": "2.7.18-tuxcare.11", "purl": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e8ca687e-89ce-5647-ac92-68534d693679", "id": "CVE-2023-38286", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-38286 is fixed in version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:275223c1-b584-5153-98a1-bb731b0f39ee", "id": "CVE-2024-38807", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38807 is fixed in version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:97ea4d12-6ed5-54d6-863e-b7538c19dd6b", "id": "CVE-2025-22235", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22235 is fixed in version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:bac2f325-06b1-5b60-9495-7c66f8e97e56", "id": "CVE-2026-22733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22733 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f7122700-a550-5edd-b1ac-304b37e9e8b4", "id": "CVE-2026-40972", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40972 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:69c155a3-51a2-5985-8eb8-3072bfc30d1b", "id": "CVE-2026-40973", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40973 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f1cd4edc-9cad-5c22-bff2-c92f843d971c", "id": "CVE-2026-40974", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40974 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:b485dfaf-5511-577f-9dc7-df8a407b7aac", "id": "CVE-2026-40975", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40975 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e394a734-90d5-54ae-90ab-4273f530810b", "id": "CVE-2026-40977", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-40977 affects version 2.7.18-tuxcare.11 of org.springframework.boot:spring-boot-starter-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework.boot/spring-boot-starter-webflux@2.7.18-tuxcare.11" } ] }