Browse Security Advisories
Security Advisories for https://github.com/spring-projects/spring-framework Clear Filters
High
6 months ago
Spring Framework annotation detection mechanism may result in improper authorization
maven
org.springframework:spring-core
Moderate
9 months ago
Spring Framework vulnerable to a reflected file download (RFD)
maven
org.springframework:spring-web
Low
10 months ago
Spring Framework DataBinder Case Sensitive Match Exception
maven
org.springframework:spring-context
High
about 1 year ago
Spring Framework Path Traversal vulnerability
maven
org.springframework:spring-webmvc, org.springframework:spring-webflux
Moderate
over 1 year ago
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
maven
org.springframework.security:spring-security-core
Moderate
over 1 year ago
Spring Framework DataBinder Case Sensitive Match Exception
maven
org.springframework:spring-web, org.springframework:spring-context
Moderate
over 1 year ago
Spring Framework DoS via conditional HTTP request
maven
org.springframework:spring-web
High
over 1 year ago
Path traversal vulnerability in functional web frameworks
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
Moderate
over 1 year ago
Spring Framework vulnerable to Denial of Service
maven
org.springframework:spring-expression
High
almost 2 years ago
Spring Framework URL Parsing with Host Validation
maven
org.springframework:spring-web
High
almost 2 years ago
Spring Framework URL Parsing with Host Validation Vulnerability
maven
org.springframework:spring-web
High
about 2 years ago
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
maven
org.springframework:spring-web
High
over 2 years ago
Spring Framework vulnerable to denial of service
maven
org.springframework:spring-webmvc
High
almost 3 years ago
Spring Framework vulnerable to denial of service
maven
org.springframework:spring-expression
Critical
almost 3 years ago
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
maven
org.springframework:spring-webmvc
Moderate
almost 3 years ago
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
maven
org.springframework:spring-expression
High
over 3 years ago
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
maven
org.terasoluna.gfw:terasoluna-gfw-common
High
almost 4 years ago
Improper Privilege Management in Spring Framework
maven
org.springframework:spring-web
Critical
almost 4 years ago
Pivotal Spring Framework contains unsafe Java deserialization methods
maven
org.springframework:spring-web
Moderate
almost 4 years ago
Improper Control of Generation of Code ('Code Injection') in Spring Framework
maven
org.springframework:spring
High
almost 4 years ago
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
maven
org.springframework:spring-core
Moderate
almost 4 years ago
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
almost 4 years ago
Improper Neutralization of Input During Web Page Generation in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
maven
org.springframework:spring-core
High
almost 4 years ago
Improper Restriction of XML External Entity Reference in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-web
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-oxm
Moderate
almost 4 years ago
Missing XML Validation in Spring Framework
maven
org.springframework:spring-oxm
Moderate
almost 4 years ago
Cross-Site Request Forgery in Spring Framework
maven
org.springframework:spring-webmvc
Moderate
almost 4 years ago
Allocation of Resources Without Limits or Throttling in Spring Framework
maven
org.springframework:spring-messaging
High
almost 4 years ago
Denial of service in Spring Framework
maven
org.springframework:spring-beans
Moderate
almost 4 years ago
Improper Neutralization of Input During Web Page Generation in Spring Framework
maven
org.springframework:spring-web
High
almost 4 years ago
Improper handling of case sensitivity in Spring Framework
maven
org.springframework:spring-context
Moderate
almost 4 years ago
Allocation of Resources Without Limits or Throttling in Spring Framework
maven
org.springframework:spring-expression
Critical
almost 4 years ago
Remote Code Execution in Spring Framework
maven
org.springframework.boot:spring-boot-starter-webflux, org.springframework:spring-webflux, org.springframework.boot:spring-boot-starter-web, org.springframework:spring-webmvc, org.springframework:spring-beans
Moderate
about 6 years ago
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
High
about 6 years ago
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
maven
org.springframework:spring-webflux, org.springframework:spring-webmvc
High
over 7 years ago
Files or Directories Accessible to External Parties in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Pivotal Spring Framework DoS Attack with XML Input
maven
org.springframework:spring-web
Moderate
over 7 years ago
Moderate severity vulnerability that affects org.springframework:spring-core
maven
org.springframework:spring-core
Critical
over 7 years ago
Spring Framework has Improperly Implemented Security Check for Standard
maven
org.springframework:spring-messaging
High
over 7 years ago
Possible privilege escalation in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Path Traversal in org.springframework:spring-core
maven
org.springframework:spring-core
Critical
over 7 years ago
Spring Framework allows applications to expose STOMP over WebSocket endpoints
maven
org.springframework:spring-messaging
High
over 7 years ago
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
maven
org.springframework:spring-core
Moderate
over 7 years ago
Denial of Service in org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
maven
org.springframework.security:spring-security-core, org.springframework:spring-core
Moderate
over 7 years ago
Moderate severity vulnerability that affects org.springframework:spring-core
maven
org.springframework:spring-core
Moderate
over 7 years ago
Spring Framework Cross Site Tracing (XST)
maven
org.springframework:spring-web
High
over 7 years ago
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
maven
org.springframework:spring-webmvc
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,123
packagist
5,704
pypi
5,271
npm
5,167
go
3,501
nuget
2,338
cargo
1,221
rubygems
937
hex
46
actions
44
swift
41
pub
9
Filter by Package
moodle/moodle
436
tensorflow
431
tensorflow-cpu
409
tensorflow-gpu
398
magento/community-edition
323
org.jenkins-ci.main:jenkins-core
249
Microsoft.ChakraCore
247
openclaw
226
typo3/cms
168
com.liferay.portal:release.portal.bom
159
github.com/mattermost/mattermost/server/v8
158
magento/project-community-edition
155
org.apache.tomcat:tomcat
137
github.com/mattermost/mattermost-server
133
pimcore/pimcore
124
com.liferay.portal:release.dxp.bom
118
dolibarr/dolibarr
117
typo3/cms-core
108
phpmyadmin/phpmyadmin
107
microweber/microweber
105
drupal/core
103
Django
99
librenms/librenms
98
apache-airflow
97
silverstripe/framework
90
thorsten/phpmyfaq
82
craftcms/cms
79
concrete5/concrete5
74
github.com/usememos/memos
74
drupal/drupal
73
com.fasterxml.jackson.core:jackson-databind
69
salt
67
apache-superset
66
ansible
65
shopware/platform
62
symfony/symfony
61
picklescan
59
actionpack
58
org.apache.struts:struts2-core
58
github.com/rancher/rancher
57
github.com/grafana/grafana
57
org.keycloak:keycloak-services
57
mlflow
57
Magick.NET-Q16-HDRI-AnyCPU
55
Magick.NET-Q16-AnyCPU
55
Plone
54
Magick.NET-Q16-HDRI-OpenMP-arm64
54
shopware/core
52
Magick.NET-Q16-HDRI-OpenMP-x64
52
getgrav/grav
52
Magick.NET-Q16-HDRI-arm64
52
gogs.io/gogs
51
Magick.NET-Q16-HDRI-x86
51
Magick.NET-Q16-HDRI-x64
51
Magick.NET-Q16-OpenMP-arm64
50
org.keycloak:keycloak-core
50
Magick.NET-Q16-OpenMP-x64
50
Magick.NET-Q8-AnyCPU
49
mautic/core
49
github.com/hashicorp/vault
49
Magick.NET-Q16-arm64
48
nova
48
django
47
gradio
47
baserproject/basercms
47
Magick.NET-Q16-x86
47
Magick.NET-Q8-OpenMP-arm64
46
nokogiri
46
n8n
46
Magick.NET-Q8-arm64
45
directus
45
mantisbt/mantisbt
45
Magick.NET-Q8-x86
44
Magick.NET-Q16-x64
44
org.elasticsearch:elasticsearch
44
vyper
44
org.xwiki.platform:xwiki-platform-oldcore
43
Magick.NET-Q8-OpenMP-x64
43
matrix-synapse
43
parse-server
42
nilsteampassnet/teampass
42
org.apache.tomcat.embed:tomcat-embed-core
42
rdiffweb
42
k8s.io/kubernetes
42
snipe/snipe-it
42
intelliants/subrion
41
plone
41
showdoc/showdoc
41
froxlor/froxlor
41
flowise
40
github.com/mattermost/mattermost-server/v6
39
net.mingsoft:ms-mcms
39
Magick.NET-Q8-x64
39
io.undertow:undertow-core
38
com.thoughtworks.xstream:xstream
37
rack
37
vllm
37
Magick.NET-Q16-OpenMP-x86
36
github.com/argoproj/argo-cd/v2
36
com.jfinal:jfinal
36
next
36
moin
35
github.com/answerdev/answer
34
github.com/cilium/cilium
33
shopware/shopware
33
org.jenkins-ci.plugins:script-security
33
github.com/zitadel/zitadel
33
keystone
33
zendframework/zendframework1
32
github.com/hashicorp/nomad
32
DotNetNuke.Core
32
code.gitea.io/gitea
32
github.com/hashicorp/consul
31
contao/core-bundle
31
opencv-python
31
opencv-contrib-python
30
org.apache.solr:solr-core
30
github.com/argoproj/argo-cd
30
github.com/traefik/traefik/v2
29
github.com/docker/docker
29
open-webui
29
pillow
29
Pillow
28
org.springframework.security:spring-security-core
28
mediawiki/core
28
org.apache.tomcat:tomcat-catalina
28
prestashop/prestashop
28
electron
28
org.opencms:opencms-core
27
centreon/centreon
27
getkirby/cms
26
wasmtime
26
org.keycloak:keycloak-parent
26
org.eclipse.jetty:jetty-server
26
github.com/ethereum/go-ethereum
26
surrealdb
26
deno
25
pocketmine/pocketmine-mp
25
rubygems-update
25
nocodb
25
pyload-ng
25
openssl-src
25
funadmin/funadmin
25
grumpydictator/firefly-iii
24
ghost
24
github.com/traefik/traefik/v3
24
puppet
23
aiohttp
23
activerecord
23
remdex/livehelperchat
23
laravel/framework
23
org.bouncycastle:bcprov-jdk15on
22
tribalsystems/zenario
22
simplesamlphp/simplesamlphp
22
org.xwiki.platform:xwiki-platform-web-templates
22
org.apache.openmeetings:openmeetings-parent
22
ckb
22
@openzeppelin/contracts-upgradeable
21
zendframework/zendframework
21
Microsoft.AspNetCore.App.Runtime.win-x64
21
Microsoft.AspNetCore.App.Runtime.win-x86
21
glance
21
@anthropic-ai/claude-code
21
github.com/goharbor/harbor
21
typo3/cms-backend
21
org.apache.nifi:nifi
21
@openzeppelin/contracts
21
langchain
20
ethyca-fides
20
org.cloudfoundry.identity:cloudfoundry-identity-server
20
cockpit-hq/cockpit
20
aim
20
transformers
19
topthink/framework
19
Microsoft.AspNetCore.App.Runtime.win-arm64
19
Microsoft.AspNetCore.App.Runtime.win-arm
19
hono
19
mindsdb
19
wwbn/avideo
19
github.com/openfga/openfga
19
openmage/magento-lts
19
statamic/cms
19
neutron
19
helm.sh/helm/v3
19
github.com/go-gitea/gitea
19
contao/contao
19
cakephp/cakephp
18
forkcms/forkcms
18
com.vaadin:vaadin-bom
18
org.springframework:spring-core
18
calibreweb
18
OctoPrint
18
mercurial
18
pgadmin4
18
cryptography
18
cobbler
18
golang.org/x/net
18
genix/cms
18
phpmyfaq/phpmyfaq
18
org.apache.jspwiki:jspwiki-main
18
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/microweber/microweber
90
https://github.com/keycloak/keycloak
90
https://github.com/librenms/librenms
77
https://github.com/rails/rails
70
https://github.com/FasterXML/jackson-databind
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mattermost/mattermost
59
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/apache/struts
47
https://github.com/grafana/grafana
47
https://github.com/rancher/rancher
46
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/mantisbt/mantisbt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/shopware/platform
42
https://github.com/craftcms/cms
41
https://github.com/directus/directus
41
https://github.com/shopware/shopware
40
https://github.com/mmaitre314/picklescan
39
https://github.com/star7th/showdoc
39
https://github.com/dotnet/runtime
38
https://github.com/openstack/nova
38
https://github.com/magento/magento2
38
https://github.com/gradio-app/gradio
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/octobercms/october
36
https://github.com/mlflow/mlflow
36
https://github.com/sparklemotion/nokogiri
35
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/apache/activemq
34
https://github.com/go-gitea/gitea
32
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/apache/inlong
31
https://github.com/cilium/cilium
31
https://github.com/PaddlePaddle/Paddle
31
https://github.com/contao/contao
30
https://github.com/snipe/snipe-it
30
https://github.com/rack/rack
29
https://github.com/FlowiseAI/Flowise
28
https://github.com/strapi/strapi
28
https://github.com/CVEProject/cvelist
28
https://github.com/gogs/gogs
28
https://github.com/electron/electron
28
https://github.com/openstack/keystone
28
https://github.com/netty/netty
27
https://github.com/geoserver/geoserver
26
https://github.com/zitadel/zitadel
26
https://github.com/baserproject/basercms
26
https://github.com/froxlor/froxlor
26
https://github.com/apache/nifi
26
https://github.com/github/advisory-database
26
https://github.com/bcgit/bc-java
25
https://github.com/denoland/deno
25
https://github.com/vllm-project/vllm
25
https://github.com/traefik/traefik
25
https://github.com/vercel/next.js
25
https://github.com/surrealdb/surrealdb
25
https://github.com/langchain-ai/langchain
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/apache/cxf
24
https://github.com/run-llama/llama_index
24
https://github.com/getgrav/grav
24
https://github.com/hashicorp/consul
24
https://github.com/pyload/pyload
24
https://github.com/bytecodealliance/wasmtime
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/eclipse/jetty.project
23
https://github.com/moby/moby
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/helm/helm
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/getkirby/kirby
22
https://github.com/nervosnetwork/ckb
22
https://github.com/hashicorp/vault
21
https://github.com/goharbor/harbor
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/laravel/framework
21
https://github.com/undertow-io/undertow
21
https://github.com/ethyca/fides
20
https://github.com/opencast/opencast
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/OpenNMS/opennms
20
https://github.com/funadmin/funadmin
20
https://github.com/TYPO3-CMS/core
19
https://github.com/huggingface/transformers
19
https://github.com/alkacon/opencms-core
19
https://github.com/containerd/containerd
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/cloudfoundry/uaa
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/backstage/backstage
19
https://github.com/intelliants/subrion
19
https://github.com/opencontainers/runc
18
https://github.com/OpenMage/magento-lts
18
https://github.com/rubygems/rubygems
18
https://github.com/apache/camel
18
https://github.com/vaadin/platform
18
https://github.com/vantage6/vantage6
17
https://github.com/openfga/openfga
17
https://github.com/apache/kylin
17
https://github.com/liufee/cms
17
https://github.com/ethereum/go-ethereum
17
https://github.com/mindsdb/mindsdb
17
https://github.com/pyca/cryptography
16
https://github.com/vitejs/vite
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/hashicorp/nomad
16
https://github.com/rusqlite/rusqlite
16
https://github.com/tinymce/tinymce
16
https://github.com/quarkusio/quarkus
16
https://github.com/etcd-io/etcd
16
https://github.com/forkcms/forkcms
16
https://github.com/dotnet/aspnetcore
16
https://github.com/sequelize/sequelize
16
https://github.com/PHPMailer/PHPMailer
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/spring-projects/spring-security
15
https://github.com/xuxueli/xxl-job
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/cobbler/cobbler
15
https://github.com/dompdf/dompdf
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/drupal/core
15
https://github.com/puppetlabs/puppet
15
https://github.com/aio-libs/aiohttp
15
https://github.com/containers/podman
15
https://github.com/decidim/decidim
15
https://github.com/zendframework/zendframework
15
https://github.com/nodejs/undici
15
https://github.com/centreon/centreon
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/apache/superset
14
https://github.com/golang/go
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/ming-soft/MCMS
14
https://github.com/janeczku/calibre-web
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/publify/publify
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/urllib3/urllib3
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/twisted/twisted
14
https://github.com/apache/zeppelin
14
https://github.com/TryGhost/Ghost
14
https://github.com/laurent22/joplin
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/dromara/hutool
13
https://github.com/h2oai/h2o-3
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/modoboa/modoboa
13
https://github.com/zenml-io/zenml
13
https://github.com/apache/dolphinscheduler
13
https://github.com/openbao/openbao
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/codeigniter4/CodeIgniter4
12
https://github.com/n8n-io/n8n
12
https://github.com/wagtail/wagtail
12
https://github.com/centreon/centreon-archived
12
https://github.com/matrix-org/matrix-js-sdk
12
https://github.com/smarty-php/smarty
12
https://github.com/modxcms/revolution
12
https://github.com/openstack/glance
12