{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fe618696-6f24-550c-8abf-c146014c779c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1", "type": "library", "group": "io.netty", "name": "netty-codec-mqtt", "version": "4.1.63.Final-tuxcare.1", "purl": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4c40d381-8bbd-5c67-83f9-2185227cfa11", "id": "CVE-2021-37136", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-37136 is fixed in version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b56fcf76-9bec-5885-87f2-e2ec7e7009b0", "id": "CVE-2021-37137", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-37137 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28dc433c-0ffd-55a7-8e96-74f8db4b8d68", "id": "CVE-2021-43797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-43797 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a56915fa-e192-5bb3-a94e-dbcda1ce41e2", "id": "CVE-2022-24823", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-24823 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a9b05eb-7284-5fe3-8e86-96cd6345990e", "id": "CVE-2022-41881", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41881 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b92be29-8fef-5b2f-a23e-881ccea0483a", "id": "CVE-2022-41915", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-41915 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2189b9ed-d9cf-56f4-ba98-18431be438be", "id": "CVE-2023-34462", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34462 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:290da5cd-600f-5ba9-aa4a-4f32a2feebc8", "id": "CVE-2023-44487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-44487 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:825d26b5-ffdd-52d0-a89b-9ba2a9f80818", "id": "CVE-2023-4586", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2023-4586 is a false positive for io.netty:netty-codec-mqtt 4.1.63.Final-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c986638-e6e1-5b13-b023-6e6a31272c42", "id": "CVE-2024-29025", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-29025 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3e14440-c98d-561a-96c8-006855ecbc9b", "id": "CVE-2024-47535", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-47535 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7415c5b-c633-5430-a989-fca1c750e40d", "id": "CVE-2025-24970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-24970 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4031aaf-ae78-544f-998b-472f54c63b39", "id": "CVE-2025-25193", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-25193 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67edef1c-8ed8-560e-a25d-efd77ff9b176", "id": "CVE-2025-55163", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55163 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a08551e-413d-5848-b624-279cd8a3d168", "id": "CVE-2025-58056", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58056 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d788a4ea-7656-5742-9bcb-fda95f6459dd", "id": "CVE-2025-58057", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-58057 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0963aa9-34fe-5426-8edb-7764f1d91ad7", "id": "CVE-2025-59419", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-59419 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddb674c5-9344-53ab-b216-0619ea3e67b6", "id": "CVE-2025-67735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-67735 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0aa7407b-a079-588d-a97d-773ebc099c3a", "id": "CVE-2026-33870", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33870 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d37449f-e95e-5812-a770-4a6e0ce71f62", "id": "CVE-2026-33871", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-33871 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f226768-6dfd-5511-934b-819c38097079", "id": "CVE-2026-41417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41417 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b0ee239-b0fa-5222-b16f-793eddde092e", "id": "CVE-2026-42577", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42577 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:145b6347-c3f9-5b38-84e3-2a4632dec4f5", "id": "CVE-2026-42578", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42578 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46924fbd-5a1f-534d-9ca0-d54155891d23", "id": "CVE-2026-42579", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42579 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73a2fe91-f445-576c-b44b-33bb48ca3479", "id": "CVE-2026-42580", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42580 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:787ba65c-b8b8-5324-99f0-b459deb192f7", "id": "CVE-2026-42581", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42581 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:735c11b2-0baf-56ed-a780-87e98992a489", "id": "CVE-2026-42584", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42584 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b184db06-040f-5f90-9181-9b93627faf1c", "id": "CVE-2026-42585", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42585 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f0919e3-1f4c-5a1c-8794-6d8558fdcecc", "id": "CVE-2026-42586", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42586 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40a772a0-0942-5006-8db8-f3394f04a12c", "id": "CVE-2026-42587", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42587 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7fa324c-9d1c-53da-b428-727f4efce6be", "id": "CVE-2026-44248", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44248 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70876d44-4c82-56ba-ab98-c601b8bd18f8", "id": "CVE-2026-44249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44249 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a238d8a4-6a6e-54e0-8b3b-51314aabf956", "id": "CVE-2026-44250", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44250 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:533e7e0d-3945-5466-9193-aa088fbc96a5", "id": "CVE-2026-44890", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44890 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd8a110c-dbd8-5938-9a08-cdd96da5c77d", "id": "CVE-2026-44893", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-44893 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44d97d26-b9fc-505e-bf1a-91275eb7419d", "id": "CVE-2026-45416", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45416 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2803499-f459-54d5-b771-ae8c73a3d3f4", "id": "CVE-2026-45536", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45536 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7464613c-d659-58d9-95de-89da140fa15f", "id": "CVE-2026-45673", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45673 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:800398b4-ba46-553f-8d3f-a06fa1d9d138", "id": "CVE-2026-45674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-45674 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1a5cdb4-c073-54e3-b556-ed7ebc350c2b", "id": "CVE-2026-46340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46340 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3b295c2-6c9f-58de-bf9a-20f48ffbf3a9", "id": "CVE-2026-47244", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47244 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20ee5dad-07a4-504b-8e73-c11d1e7588e3", "id": "CVE-2026-47691", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-47691 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d72a0ab2-726a-5e69-814f-5de410dedc82", "id": "CVE-2026-48006", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48006 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56200996-76dc-5711-8e78-a6299d31243a", "id": "CVE-2026-48043", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48043 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f28bdaa6-ed00-5b1f-ab6b-12048bab65de", "id": "CVE-2026-48059", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-48059 affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb34ace4-d748-5e55-bc54-af17ed74929b", "id": "GHSA-xpw8-rcwv-8f8p", "analysis": { "state": "exploitable", "detail": "Vulnerability GHSA-xpw8-rcwv-8f8p affects version 4.1.63.Final-tuxcare.1 of io.netty:netty-codec-mqtt." }, "affects": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/io.netty/netty-codec-mqtt@4.1.63.Final-tuxcare.1" } ] }