Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
maven org.springframework:spring-core Security Advisories
Loading...
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 3 months ago
GSA_kwCzR0hTQS1yNHEzLTdnNHEteDg5bc4AA4ms
Spring Framework server Web DoS VulnerabilityEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 3 months ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
GSA_kwCzR0hTQS1yZm1wLTk3amotaDhtNs4AAqer
Improper Output Neutralization for Logs in Spring FrameworkEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS13djg4LXBmNzMteDIycM4AAa4I
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring FrameworkEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mODY2LW05bXYtMnhyM84AAWLy
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted DataEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yaGNnLXJ3aHgtcWozas4AATUm
Improper Limitation of a Pathname to a Restricted Directory in Spring FrameworkEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS13ampyLWg0d2gtdzZ2ds3Duw
Spring Framework Inefficient Regular Expression ComplexityEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
GSA_kwCzR0hTQS02Z2YyLXB2cXctMzdwaM0h5Q
Log entry injection in Spring FrameworkEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdnEtN3c5Ni05N3A3
Denial of Service in Spring FrameworkEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 4 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcnYtNDlmci0yaDZq
Spring Security and Spring Framework may not recognize certain paths that should be protectedEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnZjktaDY5cC1wY2dm
Files or Directories Accessible to External Parties in org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dmctMnY3My12bTYy
Moderate severity vulnerability that affects org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNybXYtMnBnNS14dnFq
Improperly Implemented Security Check for Standard in org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0ODcteDM4My1xcHBo
Possible privilege escalation in org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4aHctNzk0Yy00ajln
Path Traversal in org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1aGctM3htMy1nY2pn
Spring Framework allows applications to expose STOMP over WebSocket endpointsEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4cmotNjZjNS05Zm1o
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypassEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcGYtdmo1My03aDJt
Denial of Service in org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1OTYtZndocS04eDQ4
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-coreEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyNngtcHI5Ni12dzg2
Moderate severity vulnerability that affects org.springframework:spring-coreEcosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Statistics
Advisories: 17,466
Packages: 8,120
Repositories: 3
Ecosystems: 12
Packages: 8,120
Repositories: 3
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
org.jenkins-ci.main:jenkins-core
189
org.apache.tomcat:tomcat
140
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
55
com.liferay.portal:release.portal.bom
45
org.keycloak:keycloak-core
43
com.thoughtworks.xstream:xstream
36
com.jfinal:jfinal
36
net.mingsoft:ms-mcms
35
org.xwiki.platform:xwiki-platform-oldcore
34
org.elasticsearch:elasticsearch
32
org.apache.tomcat.embed:tomcat-embed-core
31
org.jenkins-ci.plugins:script-security
30
io.undertow:undertow-core
27
org.keycloak:keycloak-services
26
org.keycloak:keycloak-parent
26
org.apache.solr:solr-core
25
org.eclipse.jetty:jetty-server
23
org.springframework.security:spring-security-core
23
org.apache.nifi:nifi
22
org.apache.openmeetings:openmeetings-parent
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.springframework:spring-core
19
com.liferay.portal:release.dxp.bom
18
org.bouncycastle:bcprov-jdk14
18
com.vaadin:vaadin-bom
18
org.apache.geode:geode-core
17
org.xwiki.platform:xwiki-platform-web-templates
17
org.apache.activemq:activemq-client
16
org.bouncycastle:bcprov-jdk15
16
org.apache.dubbo:dubbo
16
org.apache.jspwiki:jspwiki-main
15
org.apache.struts.xwork:xwork-core
15
org.xwiki.platform:xwiki-platform-web
14
org.apache.hadoop:hadoop-main
13
org.apache.cxf:cxf
13
org.apache.inlong:manager-pojo
13
org.apache.dolphinscheduler:dolphinscheduler
12
org.jenkins-ci.plugins:git
12
com.vaadin:flow-server
12
org.jenkins-ci.plugins.workflow:workflow-cps
12
org.apache.commons:commons-compress
11
org.jeecgframework.boot:jeecg-boot-common
11
org.apache.james:james-server
11
org.mortbay.jetty:jetty
11
org.apache.ranger:ranger
11
org.apache.hadoop:hadoop-common
11
org.apache.tika:tika-core
11
org.apache.cxf:cxf-core
11
org.jeecgframework.boot:jeecg-boot-parent
11
com.xuxueli:xxl-job
11
org.apache.jspwiki:jspwiki-war
11
org.igniterealtime.openfire:parent
11
org.apache.camel:camel-core
11
org.jenkins-ci.plugins:email-ext
11
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
io.netty:netty
10
org.xwiki.platform:xwiki-platform-administration-ui
10
org.jboss.netty:netty
10
org.apache.inlong:manager-service
10
org.apache.shiro:shiro-core
9
org.jenkins-ci.plugins:active-directory
9
org.apache.archiva:archiva
9
cn.hutool:hutool-core
9
org.apache.xmlgraphics:batik
9
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
9
org.bouncycastle:bcprov-jdk15on
9
org.opennms:opennms
9
org.opencrx:opencrx-core-models
9
org.apache.tapestry:tapestry-core
9
io.jenkins:configuration-as-code
9
org.webjars.npm:jquery
9
org.springframework:spring-webmvc
9
jquery-rails
9
jquery
9
org.craftercms:crafter-studio
9
org.jenkins-ci.plugins:config-file-provider
9
org.apache.hive:hive
9
org.jenkins-ci.plugins:electricflow
9
org.yaml:snakeyaml
8
org.springframework:spring-web
8
org.opencms:opencms-core
8
org.apache.kylin:kylin
8
org.apache.ambari:ambari
8
org.graylog2:graylog2-server
8
org.apache.pdfbox:pdfbox
8
org.apache.santuario:xmlsec
8
org.apache.hive:hive-exec
8
org.postgresql:postgresql
8
org.jenkins-ci.plugins:ec2
8
mysql:mysql-connector-java
8
jQuery
8
org.apache.zeppelin:zeppelin
8
com.hazelcast:hazelcast
8
io.jenkins.blueocean:blueocean
8
org.apache.ozone:ozone-main
8
org.apache.linkis:linkis
7
org.apache.cxf:apache-cxf
7
org.apache.inlong:manager-web
7
org.apache.derby:derby
7
org.owasp.antisamy:antisamy
7
io.jenkins.plugins:miniorange-saml-sp
7
jQuery.UI.Combined
7
org.apache.activemq:activemq-parent
7
org.jenkins-ci.plugins:subversion
7
org.owasp.esapi:esapi
7
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
org.apache.tika:tika
7
jquery-ui
7
org.apache.karaf:apache-karaf
7
org.jenkins-ci.plugins:artifactory
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.apache.logging.log4j:log4j-core
7
org.jboss.resteasy:resteasy-client
7
io.dataease:dataease-plugin-common
7
org.jruby:jruby-stdlib
7
rubygems-update
7
org.apache.spark:spark-core_2.11
7
org.jeecgframework.boot:jeecg-boot-base
7
io.jenkins.plugins:warnings-ng
7
org.apache.hive:hive-service
7
org.apache.atlas:atlas-common
7
org.jenkins-ci.plugins:openshift-deployer
7
net.opentsdb:opentsdb
7
org.apache.tomcat:tomcat-catalina
7
org.silverpeas.core:silverpeas-core-web
7
org.jenkins-ci.plugins:rundeck
7
org.jenkins-ci.plugins:mercurial
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
org.apache.poi:poi
7
io.atomix:atomix
7
org.apache.tomcat:tomcat-coyote
7
com.xebialabs.deployit.ci:deployit-plugin
6
org.apache.mesos:mesos
6
org.jenkins-ci.plugins:repository-connector
6
org.jenkins-ci.plugins:pipeline-maven
6
org.apache.syncope:syncope-core
6
cn.hutool:hutool-json
6
tech.powerjob:powerjob
6
org.csanchez.jenkins.plugins:kubernetes
6
org.apache.pulsar:pulsar-broker
6
org.jenkins-ci.plugins:gitlab-oauth
6
org.apache.axis:axis
6
axis:axis
6
commons-fileupload:commons-fileupload
6
org.xwiki.commons:xwiki-commons-xml
6
org.opencastproject:opencast-kernel
6
org.apache.shenyu:shenyu-common
6
org.apache.httpcomponents:httpclient
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
hudson.plugins:project-inheritance
6
org.apache.struts:struts2-rest-plugin
6
org.opensearch.plugin:opensearch-security
6
org.apache.solr:solr-parent
6
io.netty:netty-codec-http
6
org.apache.storm:storm-core
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.apache.spark:spark-core_2.10
6
io.netty:netty-handler
6
de.tum.in.ase:artemis-java-test-sandbox
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
com.jflyfox:jflyfox_jfinal
6
io.projectreactor.netty:reactor-netty-http
5
com.vaadin:vaadin-server
5
org.biouno:uno-choice
5
org.jenkins-ci.plugins:htmlpublisher
5
io.vertx:vertx-core
5
xerces:xercesImpl
5
com.alibaba:dubbo
5
org.jenkins-ci.plugins:matrix-project
5
org.jenkinsci.plugins:octoperf
5
org.jenkins-ci.plugins:google-login
5
org.opennms:opennms-webapp
5
edu.stanford.nlp:stanford-corenlp
5
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
5
org.jenkins-ci.plugins:websphere-deployer
5
org.jenkins-ci.plugins:azure-ad
5
org.jenkins-ci.plugins:credentials
5
org.apache.inlong:manager-dao
5
org.jenkins-ci.plugins:scriptler
5
com.ruoyi:ruoyi
5
com.google.protobuf:protobuf-java
5
org.jenkins-ci.plugins:codedx
5
org.apache.ignite:ignite-core
5
org.apache.druid:druid
5
com.mabl.integration.jenkins:mabl-integration
5
org.jenkins-ci.plugins:support-core
5
org.apache.kylin:kylin-server-base
5
org.jenkins-ci.plugins:delphix
5
org.codehaus.jettison:jettison
5
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
5
org.neo4j.procedure:apoc
5
org.jeecgframework.boot:jeecg-boot-base-core
5
org.dspace:dspace-jspui
5
org.jboss.resteasy:resteasy-bom
5
org.apache.hadoop:hadoop-client
5
org.springframework.security.oauth:spring-security-oauth2
5
org.jenkins-ci.plugins:ghprb
5