Browse Security Advisories
Security Advisories for org.springframework.security:spring-security-core Clear Filters
High
15 days ago
Spring Security annotation detection mechanism has authorization bypass
maven
org.springframework.security:spring-security-core
Moderate
6 months ago
Spring Security Vulnerable to Authorization Bypass via Security Annotations
maven
org.springframework.security:spring-security-core
Moderate
10 months ago
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
maven
org.springframework.security:spring-security-core
Moderate
about 1 year ago
Spring Security Missing Authorization vulnerability
maven
org.springframework.security:spring-security-core
High
over 1 year ago
Erroneous authentication pass in Spring Security
maven
org.springframework.security:spring-security-core
High
over 1 year ago
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
maven
org.springframework.security:spring-security-core
Moderate
over 2 years ago
Spring Security logout not clearing security context
maven
org.springframework.security:spring-security-core
Critical
almost 3 years ago
Spring Security authorization rules can be bypassed via forward or include dispatcher types
maven
org.springframework.security:spring-security-core
Critical
over 3 years ago
Authorization bypass in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 3 years ago
Integer overflow in BCrypt class in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 3 years ago
Improper Control of Generation of Code in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 3 years ago
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 3 years ago
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 3 years ago
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
over 3 years ago
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
maven
org.springframework.security:spring-security-core
High
over 3 years ago
Deserialization of Untrusted Data in Spring Security
maven
org.springframework.security:spring-security-core
High
over 3 years ago
Improper Authentication in Spring Security
maven
org.springframework.security:spring-security-core
High
about 4 years ago
Resource Exhaustion in Spring Security
maven
org.springframework.security:spring-security-oauth2-client, org.springframework.security:spring-security-core
High
about 5 years ago
Security Constraint Bypass in Spring Security
maven
org.springframework.security:spring-security-core
Critical
about 5 years ago
Authorization Bypass in Spring Security
maven
org.springframework.security:spring-security-core
Moderate
over 5 years ago
Insufficient Entropy in Spring Security
maven
org.springframework.security:spring-security-core
High
over 5 years ago
Signature wrapping vulnerability in Spring Security
maven
org.springframework.security:spring-security-core
High
over 6 years ago
Insufficiently Protected Credentials and Improper Authentication in Spring Security
maven
org.springframework.security:spring-security-cas, org.springframework.security:spring-security-core
Moderate
over 6 years ago
Spring Security uses insufficiently random values
maven
org.springframework.security:spring-security-core
High
almost 7 years ago
Spring Security vulnerable to Authorization Bypass
maven
org.springframework.security:spring-security-oauth2-jose, org.springframework.security:spring-security-core
High
almost 7 years ago
Spring Security and Spring Framework may not recognize certain paths that should be protected
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
almost 7 years ago
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Filter by Severity
Filter by Ecosystem
maven
6,751
packagist
5,254
pypi
4,829
npm
4,305
go
2,849
nuget
1,576
cargo
1,085
rubygems
900
actions
39
hex
38
swift
36
pub
9
Filter by Package
tensorflow
430
moodle/moodle
417
tensorflow-cpu
409
tensorflow-gpu
407
magento/community-edition
262
Microsoft.ChakraCore
247
org.jenkins-ci.main:jenkins-core
242
typo3/cms
188
com.liferay.portal:release.portal.bom
138
org.apache.tomcat:tomcat
134
github.com/mattermost/mattermost/server/v8
129
com.liferay.portal:release.dxp.bom
124
pimcore/pimcore
120
dolibarr/dolibarr
116
phpmyadmin/phpmyadmin
107
typo3/cms-core
104
microweber/microweber
103
Django
103
drupal/core
98
magento/project-community-edition
97
silverstripe/framework
91
apache-airflow
86
librenms/librenms
83
drupal/drupal
81
thorsten/phpmyfaq
73
Plone
70
com.fasterxml.jackson.core:jackson-databind
69
github.com/usememos/memos
68
concrete5/concrete5
67
salt
65
ansible
63
apache-superset
61
actionpack
59
shopware/platform
58
symfony/symfony
58
org.apache.struts:struts2-core
57
github.com/grafana/grafana
56
mlflow
53
craftcms/cms
53
org.keycloak:keycloak-core
50
github.com/hashicorp/vault
49
nova
48
github.com/rancher/rancher
48
baserproject/basercms
47
mautic/core
47
shopware/core
46
nokogiri
46
gradio
44
vyper
44
org.xwiki.platform:xwiki-platform-oldcore
43
rdiffweb
42
matrix-synapse
42
nilsteampassnet/teampass
42
org.keycloak:keycloak-services
42
k8s.io/kubernetes
42
github.com/mattermost/mattermost-server
41
mantisbt/mantisbt
41
showdoc/showdoc
41
org.elasticsearch:elasticsearch
41
intelliants/subrion
40
froxlor/froxlor
40
picklescan
39
directus
38
snipe/snipe-it
38
org.apache.tomcat.embed:tomcat-embed-core
37
com.thoughtworks.xstream:xstream
37
net.mingsoft:ms-mcms
36
com.jfinal:jfinal
36
github.com/mattermost/mattermost-server/v6
36
github.com/argoproj/argo-cd/v2
36
moin
35
io.undertow:undertow-core
35
github.com/answerdev/answer
34
org.jenkins-ci.plugins:script-security
33
parse-server
33
zendframework/zendframework1
33
gogs.io/gogs
32
keystone
32
github.com/cilium/cilium
31
github.com/hashicorp/nomad
31
opencv-python
31
shopware/shopware
31
opencv-contrib-python
30
github.com/argoproj/argo-cd
30
django
30
getgrav/grav
30
rack
30
github.com/docker/docker
29
next
29
github.com/hashicorp/consul
29
Pillow
28
pillow
28
plone
28
mediawiki/core
28
electron
28
org.opencms:opencms-core
27
DotNetNuke.Core
27
org.apache.solr:solr-core
27
org.springframework.security:spring-security-core
27
centreon/centreon
27
contao/core-bundle
27
prestashop/prestashop
27
vllm
25
openssl-src
25
open-webui
25
pocketmine/pocketmine-mp
25
rubygems-update
25
github.com/traefik/traefik/v2
25
org.eclipse.jetty:jetty-server
25
flowise
24
getkirby/cms
24
org.keycloak:keycloak-parent
24
surrealdb
24
remdex/livehelperchat
23
pyload-ng
23
puppet
23
grumpydictator/firefly-iii
23
simplesamlphp/simplesamlphp
23
activerecord
22
org.apache.openmeetings:openmeetings-parent
22
tribalsystems/zenario
22
contao/contao
22
ckb
22
laravel/framework
22
glance
21
@openzeppelin/contracts
21
github.com/goharbor/harbor
21
@openzeppelin/contracts-upgradeable
21
org.apache.nifi:nifi
21
github.com/ethereum/go-ethereum
21
org.apache.tomcat:tomcat-catalina
21
org.bouncycastle:bcprov-jdk15on
21
cockpit-hq/cockpit
20
org.xwiki.platform:xwiki-platform-web-templates
20
funadmin/funadmin
20
wasmtime
20
typo3/cms-backend
20
code.gitea.io/gitea
20
ethyca-fides
20
org.cloudfoundry.identity:cloudfoundry-identity-server
20
aim
20
zendframework/zendframework
20
deno
19
neutron
19
transformers
19
helm.sh/helm/v3
19
topthink/framework
19
github.com/zitadel/zitadel
19
phpoffice/phpspreadsheet
19
org.apache.jspwiki:jspwiki-main
18
golang.org/x/net
18
genix/cms
18
forkcms/forkcms
18
cobbler
18
Microsoft.AspNetCore.App.Runtime.win-x86
18
Microsoft.AspNetCore.App.Runtime.win-x64
18
org.springframework:spring-core
18
langchain
18
mercurial
18
mindsdb
18
com.vaadin:vaadin-bom
18
Microsoft.AspNetCore.App.Runtime.linux-arm
17
notebook
17
github.com/openfga/openfga
17
francoisjacquet/rosariosis
17
OctoPrint
17
yetiforce/yetiforce-crm
17
Microsoft.AspNetCore.App.Runtime.win-arm
17
cakephp/cakephp
17
opencart/opencart
17
openmage/magento-lts
17
org.apache.inlong:manager-pojo
17
cryptography
17
ezsystems/ezpublish-kernel
17
calibreweb
17
Microsoft.AspNetCore.App.Runtime.linux-arm64
17
org.apache.geode:geode-core
17
tinymce
16
ghost
16
lollms
16
paddlepaddle
16
github.com/traefik/traefik/v3
16
org.apache.activemq:activemq-client
16
org.apache.ranger:ranger
16
sequelize
16
org.apache.dubbo:dubbo
16
rusqlite
16
phpbb/phpbb
16
Microsoft.AspNetCore.App.Runtime.win-arm64
16
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
16
october/system
16
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
16
PaddlePaddle
16
h2o
15
Microsoft.AspNetCore.App.Runtime.linux-x64
15
Microsoft.AspNetCore.App.Runtime.osx-x64
15
org.apache.tomcat:tomcat-coyote
15
github.com/containerd/containerd
15
vite
15
publify_core
15