Browse Security Advisories
Security Advisories for https://github.com/spring-projects/spring-framework Clear Filters
High
6 months ago
Spring Framework annotation detection mechanism may result in improper authorization
maven
org.springframework:spring-core
Moderate
9 months ago
Spring Framework vulnerable to a reflected file download (RFD)
maven
org.springframework:spring-web
Low
10 months ago
Spring Framework DataBinder Case Sensitive Match Exception
maven
org.springframework:spring-context
High
about 1 year ago
Spring Framework Path Traversal vulnerability
maven
org.springframework:spring-webmvc, org.springframework:spring-webflux
Moderate
over 1 year ago
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
maven
org.springframework.security:spring-security-core
Moderate
over 1 year ago
Spring Framework DataBinder Case Sensitive Match Exception
maven
org.springframework:spring-web, org.springframework:spring-context
Moderate
over 1 year ago
Spring Framework DoS via conditional HTTP request
maven
org.springframework:spring-web
High
over 1 year ago
Path traversal vulnerability in functional web frameworks
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
Moderate
over 1 year ago
Spring Framework vulnerable to Denial of Service
maven
org.springframework:spring-expression
High
almost 2 years ago
Spring Framework URL Parsing with Host Validation
maven
org.springframework:spring-web
High
almost 2 years ago
Spring Framework URL Parsing with Host Validation Vulnerability
maven
org.springframework:spring-web
High
about 2 years ago
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
maven
org.springframework:spring-web
High
over 2 years ago
Spring Framework vulnerable to denial of service
maven
org.springframework:spring-webmvc
High
almost 3 years ago
Spring Framework vulnerable to denial of service
maven
org.springframework:spring-expression
Critical
almost 3 years ago
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
maven
org.springframework:spring-webmvc
Moderate
almost 3 years ago
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
maven
org.springframework:spring-expression
High
over 3 years ago
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
maven
org.terasoluna.gfw:terasoluna-gfw-common
High
almost 4 years ago
Improper Privilege Management in Spring Framework
maven
org.springframework:spring-web
Critical
almost 4 years ago
Pivotal Spring Framework contains unsafe Java deserialization methods
maven
org.springframework:spring-web
Moderate
almost 4 years ago
Improper Control of Generation of Code ('Code Injection') in Spring Framework
maven
org.springframework:spring
High
almost 4 years ago
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
maven
org.springframework:spring-core
Moderate
almost 4 years ago
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
almost 4 years ago
Improper Neutralization of Input During Web Page Generation in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
maven
org.springframework:spring-core
High
almost 4 years ago
Improper Restriction of XML External Entity Reference in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-web
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-oxm
Moderate
almost 4 years ago
Missing XML Validation in Spring Framework
maven
org.springframework:spring-oxm
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Allocation of Resources Without Limits or Throttling in Spring Framework
maven
org.springframework:spring-messaging
High
almost 4 years ago
Denial of service in Spring Framework
maven
org.springframework:spring-beans
Moderate
almost 4 years ago
Improper Neutralization of Input During Web Page Generation in Spring Framework
maven
org.springframework:spring-web
High
almost 4 years ago
Improper handling of case sensitivity in Spring Framework
maven
org.springframework:spring-context
Moderate
almost 4 years ago
Allocation of Resources Without Limits or Throttling in Spring Framework
maven
org.springframework:spring-expression
Critical
almost 4 years ago
Remote Code Execution in Spring Framework
maven
org.springframework.boot:spring-boot-starter-webflux, org.springframework:spring-webflux, org.springframework.boot:spring-boot-starter-web, org.springframework:spring-webmvc, org.springframework:spring-beans
Moderate
about 6 years ago
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
High
about 6 years ago
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
High
over 7 years ago
Files or Directories Accessible to External Parties in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Pivotal Spring Framework DoS Attack with XML Input
maven
org.springframework:spring-web
Moderate
over 7 years ago
Moderate severity vulnerability that affects org.springframework:spring-core
maven
org.springframework:spring-core
Critical
over 7 years ago
Spring Framework has Improperly Implemented Security Check for Standard
maven
org.springframework:spring-messaging
High
over 7 years ago
Possible privilege escalation in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Path Traversal in org.springframework:spring-core
maven
org.springframework:spring-core
Critical
over 7 years ago
Spring Framework allows applications to expose STOMP over WebSocket endpoints
maven
org.springframework:spring-messaging
High
over 7 years ago
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
maven
org.springframework:spring-core
Moderate
over 7 years ago
Denial of Service in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
over 7 years ago
Moderate severity vulnerability that affects org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Spring Framework Cross Site Tracing (XST)
maven
org.springframework:spring-web
High
over 7 years ago
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
maven
org.springframework:spring-webmvc
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,108
packagist
5,727
pypi
5,281
npm
5,220
go
3,516
nuget
2,367
cargo
1,228
rubygems
938
hex
47
actions
44
swift
41
pub
9
Filter by Package
moodle/moodle
437
tensorflow
430
tensorflow-cpu
404
tensorflow-gpu
397
magento/community-edition
324
org.jenkins-ci.main:jenkins-core
249
Microsoft.ChakraCore
247
openclaw
236
typo3/cms
165
github.com/mattermost/mattermost/server/v8
158
com.liferay.portal:release.portal.bom
157
magento/project-community-edition
155
org.apache.tomcat:tomcat
136
github.com/mattermost/mattermost-server
132
pimcore/pimcore
124
dolibarr/dolibarr
117
com.liferay.portal:release.dxp.bom
117
Django
116
typo3/cms-core
109
phpmyadmin/phpmyadmin
107
microweber/microweber
105
drupal/core
103
librenms/librenms
98
apache-airflow
97
silverstripe/framework
91
thorsten/phpmyfaq
82
craftcms/cms
82
concrete5/concrete5
74
github.com/usememos/memos
74
drupal/drupal
72
Plone
71
com.fasterxml.jackson.core:jackson-databind
69
parse-server
68
salt
67
apache-superset
66
ansible
65
shopware/platform
62
symfony/symfony
61
Magick.NET-Q16-AnyCPU
59
picklescan
59
actionpack
58
Magick.NET-Q16-HDRI-AnyCPU
58
org.apache.struts:struts2-core
58
mlflow
57
github.com/rancher/rancher
57
github.com/grafana/grafana
57
org.keycloak:keycloak-services
56
Magick.NET-Q16-HDRI-OpenMP-arm64
55
shopware/core
53
Magick.NET-Q16-HDRI-x86
53
Magick.NET-Q16-HDRI-x64
53
Magick.NET-Q16-OpenMP-x64
53
Magick.NET-Q16-HDRI-arm64
53
Magick.NET-Q8-AnyCPU
52
Magick.NET-Q16-OpenMP-arm64
52
getgrav/grav
52
Magick.NET-Q16-HDRI-OpenMP-x64
52
github.com/hashicorp/vault
51
Magick.NET-Q16-x86
51
Magick.NET-Q16-arm64
51
gogs.io/gogs
51
Magick.NET-Q8-OpenMP-arm64
50
mautic/core
50
org.keycloak:keycloak-core
50
Magick.NET-Q8-x86
49
Magick.NET-Q8-arm64
49
nova
48
Magick.NET-Q16-x64
48
gradio
47
baserproject/basercms
47
Magick.NET-Q8-OpenMP-x64
47
Magick.NET-Q8-x64
46
nokogiri
46
n8n
46
mantisbt/mantisbt
45
directus
45
org.elasticsearch:elasticsearch
44
vyper
44
k8s.io/kubernetes
43
org.xwiki.platform:xwiki-platform-oldcore
43
matrix-synapse
43
snipe/snipe-it
42
nilsteampassnet/teampass
42
rdiffweb
42
org.apache.tomcat.embed:tomcat-embed-core
41
showdoc/showdoc
41
intelliants/subrion
41
flowise
41
froxlor/froxlor
41
Magick.NET-Q16-OpenMP-x86
40
net.mingsoft:ms-mcms
39
io.undertow:undertow-core
38
github.com/mattermost/mattermost-server/v6
38
vllm
38
com.thoughtworks.xstream:xstream
37
rack
37
next
36
com.jfinal:jfinal
36
github.com/argoproj/argo-cd/v2
35
moin
35
github.com/answerdev/answer
34
keystone
33
github.com/cilium/cilium
33
org.jenkins-ci.plugins:script-security
33
shopware/shopware
33
zendframework/zendframework1
32
code.gitea.io/gitea
32
DotNetNuke.Core
32
github.com/hashicorp/nomad
32
github.com/argoproj/argo-cd
31
github.com/hashicorp/consul
31
opencv-python
31
opencv-contrib-python
31
django
31
github.com/zitadel/zitadel
31
org.apache.solr:solr-core
30
github.com/docker/docker
30
open-webui
29
contao/core-bundle
29
pillow
29
org.springframework.security:spring-security-core
28
github.com/traefik/traefik/v2
28
plone
28
mediawiki/core
28
prestashop/prestashop
28
Pillow
28
electron
28
org.apache.tomcat:tomcat-catalina
27
org.opencms:opencms-core
27
centreon/centreon
27
github.com/ethereum/go-ethereum
26
wasmtime
26
org.keycloak:keycloak-parent
26
getkirby/cms
26
surrealdb
26
org.eclipse.jetty:jetty-server
26
openssl-src
25
deno
25
pyload-ng
25
funadmin/funadmin
25
rubygems-update
25
pocketmine/pocketmine-mp
25
nocodb
25
ghost
24
grumpydictator/firefly-iii
24
github.com/traefik/traefik/v3
24
aiohttp
23
activerecord
23
remdex/livehelperchat
23
puppet
23
laravel/framework
23
org.apache.openmeetings:openmeetings-parent
22
org.bouncycastle:bcprov-jdk15on
22
ckb
22
zendframework/zendframework
22
simplesamlphp/simplesamlphp
22
tribalsystems/zenario
22
github.com/goharbor/harbor
21
@openzeppelin/contracts
21
typo3/cms-backend
21
@openzeppelin/contracts-upgradeable
21
org.xwiki.platform:xwiki-platform-web-templates
21
org.apache.nifi:nifi
21
@anthropic-ai/claude-code
21
org.cloudfoundry.identity:cloudfoundry-identity-server
21
Microsoft.AspNetCore.App.Runtime.win-x64
21
glance
21
hono
20
cockpit-hq/cockpit
20
aim
20
ethyca-fides
20
contao/contao
20
mindsdb
19
statamic/cms
19
topthink/framework
19
phpoffice/phpspreadsheet
19
sylius/sylius
19
neutron
19
Microsoft.AspNetCore.App.Runtime.win-x86
19
github.com/openfga/openfga
19
github.com/siyuan-note/siyuan/kernel
19
openmage/magento-lts
19
wwbn/avideo
19
Microsoft.AspNetCore.App.Runtime.win-arm
19
github.com/go-gitea/gitea
19
transformers
19
helm.sh/helm/v3
19
mercurial
18
golang.org/x/net
18
langchain
18
com.vaadin:vaadin-bom
18
org.apache.tomcat:tomcat-coyote
18
calibreweb
18
cakephp/cakephp
18
pgadmin4
18
phpmyfaq/phpmyfaq
18
cryptography
18
cobbler
18
Microsoft.AspNetCore.App.Runtime.linux-x64
18
forkcms/forkcms
18
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/microweber/microweber
90
https://github.com/keycloak/keycloak
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mattermost/mattermost
59
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/rancher/rancher
46
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/vyperlang/vyper
44
https://github.com/ikus060/rdiffweb
42
https://github.com/mantisbt/mantisbt
42
https://github.com/saltstack/salt
42
https://github.com/shopware/platform
42
https://github.com/craftcms/cms
41
https://github.com/directus/directus
41
https://github.com/shopware/shopware
40
https://github.com/mmaitre314/picklescan
39
https://github.com/star7th/showdoc
39
https://github.com/dotnet/runtime
38
https://github.com/magento/magento2
38
https://github.com/gradio-app/gradio
38
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/x-stream/xstream
37
https://github.com/octobercms/october
36
https://github.com/mlflow/mlflow
36
https://github.com/sparklemotion/nokogiri
35
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/apache/activemq
34
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
32
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/apache/inlong
31
https://github.com/cilium/cilium
31
https://github.com/contao/contao
30
https://github.com/snipe/snipe-it
30
https://github.com/rack/rack
29
https://github.com/strapi/strapi
28
https://github.com/CVEProject/cvelist
28
https://github.com/gogs/gogs
28
https://github.com/FlowiseAI/Flowise
28
https://github.com/openstack/keystone
28
https://github.com/electron/electron
28
https://github.com/netty/netty
27
https://github.com/geoserver/geoserver
26
https://github.com/github/advisory-database
26
https://github.com/froxlor/froxlor
26
https://github.com/apache/nifi
26
https://github.com/baserproject/basercms
26
https://github.com/zitadel/zitadel
26
https://github.com/bcgit/bc-java
25
https://github.com/surrealdb/surrealdb
25
https://github.com/denoland/deno
25
https://github.com/vercel/next.js
25
https://github.com/vllm-project/vllm
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/langchain-ai/langchain
25
https://github.com/traefik/traefik
25
https://github.com/getgrav/grav
24
https://github.com/hashicorp/consul
24
https://github.com/pyload/pyload
24
https://github.com/apache/cxf
24
https://github.com/run-llama/llama_index
24
https://github.com/livehelperchat/livehelperchat
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/moby/moby
23
https://github.com/eclipse/jetty.project
23
https://github.com/nervosnetwork/ckb
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/helm/helm
22
https://github.com/getkirby/kirby
22
https://github.com/goharbor/harbor
21
https://github.com/hashicorp/vault
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/laravel/framework
21
https://github.com/undertow-io/undertow
21
https://github.com/funadmin/funadmin
20
https://github.com/ethyca/fides
20
https://github.com/OpenNMS/opennms
20
https://github.com/opencast/opencast
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/alkacon/opencms-core
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/huggingface/transformers
19
https://github.com/containerd/containerd
19
https://github.com/intelliants/subrion
19
https://github.com/backstage/backstage
19
https://github.com/TYPO3-CMS/core
19
https://github.com/cloudfoundry/uaa
19
https://github.com/opencontainers/runc
18
https://github.com/OpenMage/magento-lts
18
https://github.com/apache/camel
18
https://github.com/vaadin/platform
18
https://github.com/rubygems/rubygems
18
https://github.com/ethereum/go-ethereum
17
https://github.com/vantage6/vantage6
17
https://github.com/openfga/openfga
17
https://github.com/mindsdb/mindsdb
17
https://github.com/apache/kylin
17
https://github.com/liufee/cms
17
https://github.com/rusqlite/rusqlite
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/pyca/cryptography
16
https://github.com/quarkusio/quarkus
16
https://github.com/tinymce/tinymce
16
https://github.com/dotnet/aspnetcore
16
https://github.com/vitejs/vite
16
https://github.com/etcd-io/etcd
16
https://github.com/forkcms/forkcms
16
https://github.com/sequelize/sequelize
16
https://github.com/hashicorp/nomad
16
https://github.com/PHPMailer/PHPMailer
15
https://github.com/containers/podman
15
https://github.com/drupal/core
15
https://github.com/dompdf/dompdf
15
https://github.com/puppetlabs/puppet
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/zendframework/zendframework
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/xuxueli/xxl-job
15
https://github.com/aio-libs/aiohttp
15
https://github.com/nodejs/undici
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/spring-projects/spring-security
15
https://github.com/cobbler/cobbler
15
https://github.com/centreon/centreon
15
https://github.com/decidim/decidim
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/urllib3/urllib3
14
https://github.com/golang/go
14
https://github.com/apache/superset
14
https://github.com/apache/zeppelin
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/TryGhost/Ghost
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/twisted/twisted
14
https://github.com/janeczku/calibre-web
14
https://github.com/ming-soft/MCMS
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/publify/publify
14
https://github.com/modoboa/modoboa
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/dromara/hutool
13
https://github.com/openbao/openbao
13
https://github.com/zenml-io/zenml
13
https://github.com/apache/dolphinscheduler
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/laurent22/joplin
13
https://github.com/h2oai/h2o-3
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/igniterealtime/Openfire
12
https://github.com/yiisoft/yii2
12
https://github.com/NodeBB/NodeBB
12
https://sourceforge.net/projects/phpmyadmin.sourceforge.net
12
https://github.com/puma/puma
12
https://github.com/modxcms/revolution
12
https://github.com/openstack/glance
12
https://github.com/nautobot/nautobot
12