Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
maven org.springframework.security:spring-security-core Security Advisories
Browse all Security Advisories for maven org.springframework.security:spring-security-core
Loading...
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 3 months ago
GSA_kwCzR0hTQS1obXFmLXdwcTktanE4M84AA-ya
Spring Security Missing Authorization vulnerabilityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 3 months ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 8 months ago
GSA_kwCzR0hTQS1mM2poLXF2bTQtbWczOc4AA6FU
Erroneous authentication pass in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 8 months ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 9 months ago
GSA_kwCzR0hTQS13M3c2LTI2ZjItcDQ3NM4AA5YR
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticatedEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 9 months ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 1 year ago
GSA_kwCzR0hTQS14ODczLTZyZ2MtOTRqY84AAy4e
Spring Security logout not clearing security contextEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: about 2 years ago
GSA_kwCzR0hTQS1tbW1oLXdjeG0tMndyNM4AAvnr
Spring Security authorization rules can be bypassed via forward or include dispatcher typesEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.springframework.security:spring-security-web, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: over 2 years ago
GSA_kwCzR0hTQS1oaDMyLTczNDQtY2cyZs4AAgbh
Authorization bypass in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-web, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 2 years ago
GSA_kwCzR0hTQS13eDU0LTMyNzgtbTVnNM4AAgbg
Integer overflow in BCrypt class in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS01eG05LXJmNjMtd2o3aM4AAfZs
Improper Control of Generation of Code in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS0zNTMzLXJ2cGMtNng1Ns4AAfYQ
Exposure of Sensitive Information to an Unauthorized Actor in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS00NjQ0LWhnMzUtNTVtOc4AAe8W
Concurrent Execution using Shared Resource with Improper Synchronization in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1mODY2LW05bXYtMnhyM84AAWLy
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted DataEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.acegisecurity:acegi-security, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS0zMjk1LWg5cXgtcjgyeM4AAV5T
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi SecurityEcosystems: maven
Packages: org.acegisecurity:acegi-security, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
GSA_kwCzR0hTQS12aHJnLXYzY3YtcDI0N83otA
Deserialization of Untrusted Data in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 2 years ago
GSA_kwCzR0hTQS1ndjl2LWMzNzUtaHZtZ83mmg
Improper Authentication in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 2 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-client, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5amctZ3Znci0zNTRt
Resource Exhaustion in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-oauth2-client, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: over 3 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzNWMtNDlqNi1xOGhx
Security Constraint Bypass in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: about 4 years ago
Critical
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtdjQtNXc3Ni12cDln
Authorization Bypass in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: about 4 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcHAtOTQ5Ni1wMjNx
Insufficient Entropy in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 4 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4cnctajQ4OS05Mjht
Signature wrapping vulnerability in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 4 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-cas, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzM3gtcHJoYy1ncGg1
Insufficiently Protected Credentials and Improper Authentication in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-cas, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjItN3FtNy1qajZ2
Spring Security uses insufficiently random valuesEcosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-jose, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3eHctcDh2Ni05ampy
Spring Security vulnerable to Authorization BypassEcosystems: maven
Packages: org.springframework.security:spring-security-oauth2-jose, org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 6 years ago
High
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcnYtNDlmci0yaDZq
Spring Security and Spring Framework may not recognize certain paths that should be protectedEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: about 6 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1OTYtZndocS04eDQ4
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-coreEcosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 6 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5
Ecosystems: 12
Packages: 9,040
Repositories: 5
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
org.jenkins-ci.main:jenkins-core
193
org.apache.tomcat:tomcat
132
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
55
org.keycloak:keycloak-core
51
com.liferay.portal:release.portal.bom
46
org.apache.tomcat.embed:tomcat-embed-core
38
com.thoughtworks.xstream:xstream
37
org.xwiki.platform:xwiki-platform-oldcore
37
org.keycloak:keycloak-services
36
org.elasticsearch:elasticsearch
36
com.jfinal:jfinal
36
net.mingsoft:ms-mcms
35
io.undertow:undertow-core
34
org.jenkins-ci.plugins:script-security
33
org.apache.solr:solr-core
25
org.keycloak:keycloak-parent
25
org.eclipse.jetty:jetty-server
24
org.springframework.security:spring-security-core
24
org.bouncycastle:bcprov-jdk14
22
org.apache.nifi:nifi
21
org.apache.openmeetings:openmeetings-parent
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.springframework:spring-core
19
org.xwiki.platform:xwiki-platform-web-templates
19
com.vaadin:vaadin-bom
18
com.liferay.portal:release.dxp.bom
18
org.apache.geode:geode-core
17
org.apache.dubbo:dubbo
16
org.bouncycastle:bcprov-jdk15
16
org.apache.activemq:activemq-client
16
org.apache.jspwiki:jspwiki-main
16
org.apache.struts.xwork:xwork-core
15
org.apache.tomcat:tomcat-coyote
14
org.apache.inlong:manager-pojo
14
org.xwiki.platform:xwiki-platform-web
14
org.apache.hadoop:hadoop-main
13
org.apache.cxf:cxf
13
org.jenkins-ci.plugins.workflow:workflow-cps
13
org.jenkins-ci.plugins:git
12
org.bouncycastle:bcprov-jdk15on
12
org.apache.dolphinscheduler:dolphinscheduler
12
org.jeecgframework.boot:jeecg-boot-parent
12
com.vaadin:flow-server
12
org.apache.hadoop:hadoop-common
12
org.springframework:spring-webmvc
11
org.apache.jspwiki:jspwiki-war
11
org.igniterealtime.openfire:parent
11
org.apache.camel:camel-core
11
org.jenkins-ci.plugins:email-ext
11
org.apache.commons:commons-compress
11
org.apache.james:james-server
11
com.xuxueli:xxl-job
11
org.apache.cxf:cxf-core
11
org.jeecgframework.boot:jeecg-boot-common
11
org.apache.ranger:ranger
11
org.apache.tika:tika-core
11
org.mortbay.jetty:jetty
11
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
org.xwiki.platform:xwiki-platform-administration-ui
10
org.apache.tomcat:tomcat-catalina
10
org.springframework:spring-web
10
org.jboss.netty:netty
10
org.apache.inlong:manager-service
10
io.netty:netty
10
org.apache.xmlgraphics:batik
9
org.webjars:bootstrap
9
bootstrap
9
twbs/bootstrap
9
org.craftercms:crafter-studio
9
org.jenkins-ci.plugins:config-file-provider
9
org.apache.archiva:archiva
9
org.apache.tapestry:tapestry-core
9
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
9
org.apache.shiro:shiro-core
9
org.apache.linkis:linkis
9
org.opennms:opennms
9
cn.hutool:hutool-core
9
org.opencrx:opencrx-core-models
9
io.jenkins:configuration-as-code
9
org.jenkins-ci.plugins:electricflow
9
org.apache.hive:hive
9
org.opencms:opencms-core
9
org.apache.kylin:kylin
9
bootstrap
9
org.bouncycastle:bcprov-jdk15to18
9
org.jenkins-ci.plugins:active-directory
9
bootstrap
9
org.jenkins-ci.plugins:ec2
8
org.postgresql:postgresql
8
org.apache.zeppelin:zeppelin
8
pyspark
8
org.webjars.npm:jquery
8
org.apache.hive:hive-exec
8
io.jenkins.blueocean:blueocean
8
com.hazelcast:hazelcast
8
org.yaml:snakeyaml
8
org.graylog2:graylog2-server
8
org.apache.santuario:xmlsec
8
jquery-rails
8
jquery
8
mysql:mysql-connector-java
8
org.apache.ozone:ozone-main
8
org.apache.pdfbox:pdfbox
8
org.apache.ambari:ambari
8
rubygems-update
7
org.apache.hive:hive-service
7
org.apache.spark:spark-core_2.11
7
org.apache.tika:tika
7
org.apache.activemq:activemq-parent
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.apache.logging.log4j:log4j-core
7
org.jboss.resteasy:resteasy-client
7
jQuery
7
io.atomix:atomix
7
jquery-ui-rails
7
org.jenkins-ci.plugins:artifactory
7
io.jenkins.plugins:miniorange-saml-sp
7
org.jruby:jruby-stdlib
7
org.owasp.antisamy:antisamy
7
net.opentsdb:opentsdb
7
org.jeecgframework.boot:jeecg-boot-base
7
org.apache.atlas:atlas-common
7
io.jenkins.plugins:warnings-ng
7
org.webjars.npm:jquery-ui
7
org.jenkins-ci.plugins:openshift-deployer
7
bootstrap-sass
7
org.apache.cxf:apache-cxf
7
org.jenkins-ci.plugins:subversion
7
bootstrap.sass
7
org.apache.derby:derby
7
io.dataease:dataease-plugin-common
7
org.apache.inlong:manager-web
7
org.apache.poi:poi
7
org.silverpeas.core:silverpeas-core-web
7
org.apache.karaf:apache-karaf
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
jquery-ui
7
org.jenkins-ci.plugins:oic-auth
7
org.owasp.esapi:esapi
7
org.jenkins-ci.plugins:rundeck
7
org.jenkins-ci.plugins:mercurial
7
jQuery.UI.Combined
7
org.jenkins-ci.plugins:pipeline-maven
6
org.apache.httpcomponents:httpclient
6
org.apache.druid:druid
6
com.xebialabs.deployit.ci:deployit-plugin
6
org.apache.mesos:mesos
6
org.jenkins-ci.plugins:gitlab-oauth
6
org.apache.pulsar:pulsar-broker
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
org.infinispan:infinispan-core
6
com.google.protobuf:protobuf-java
6
io.netty:netty-handler
6
commons-fileupload:commons-fileupload
6
hudson.plugins:project-inheritance
6
org.apache.shenyu:shenyu-common
6
axis:axis
6
org.apache.axis:axis
6
org.apache.solr:solr-parent
6
tech.powerjob:powerjob
6
com.jflyfox:jflyfox_jfinal
6
org.csanchez.jenkins.plugins:kubernetes
6
org.apache.spark:spark-core_2.10
6
org.opencastproject:opencast-kernel
6
org.apache.storm:storm-core
6
org.xwiki.commons:xwiki-commons-xml
6
de.tum.in.ase:artemis-java-test-sandbox
6
io.netty:netty-codec-http
6
org.apache.syncope:syncope-core
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
org.bouncycastle:bcprov-jdk18on
6
org.opensearch.plugin:opensearch-security
6
org.apache.struts:struts2-rest-plugin
6
org.jenkins-ci.plugins:repository-connector
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
cn.hutool:hutool-json
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.jboss.resteasy:resteasy-bom
5
com.synopsys.jenkinsci:ownership
5
org.jenkins-ci.plugins:google-login
5
org.jenkins-ci.plugins:junit
5
org.dspace:dspace-jspui
5
org.geoserver:gs-main
5
org.apache.kylin:kylin-server-base
5
log4j:log4j
5
org.apache.zookeeper:zookeeper
5
com.nimbusds:nimbus-jose-jwt
5
struts:struts
5
com.mabl.integration.jenkins:mabl-integration
5
ca.uhn.hapi.fhir:org.hl7.fhir.utilities
5
org.jenkins-ci.plugins.m2release:m2release
5
org.apache.ignite:ignite-core
5
ca.uhn.hapi.fhir:org.hl7.fhir.r5
5
com.vaadin:vaadin-server
5
ca.uhn.hapi.fhir:org.hl7.fhir.r4b
5
org.jenkins-ci.plugins:extended-choice-parameter
5
org.springframework.security.oauth:spring-security-oauth2
5
org.wildfly:wildfly-parent
5
org.apache.hadoop:hadoop-client
5