Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo
cocoapods
Composer
Conan
Go
hex
Maven
npm
NuGet
pip
pub
RubyGems
Swift
Unmanaged (C/C++)
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
VULNERABILITY
AFFECTS
TYPE
PUBLISHED
M
Integer Overflow or Wraparound
org.springframework.security:spring-security-crypto
[,5.5.7)
[5.6.0,5.6.4)
Maven
18 May 2022
M
Cryptographic Weakness
org.springframework.security:spring-security-crypto
[5.3.0.RELEASE, 5.3.2.RELEASE)
[5.2.0.RELEASE, 5.2.4.RELEASE)
[5.1.0.RELEASE, 5.1.10.RELEASE)
[5.0.0.RELEASE, 5.0.16.RELEASE)
[4.2.0.RELEASE, 4.2.16.RELEASE)
Maven
22 May 2020
M
Authorization Bypass
org.springframework.security:spring-security-ldap
[,5.7.14)
[5.8.0,5.8.16)
[6.2.0,6.2.8)
[6.3.0,6.3.5)
Maven
20 Nov 2024
M
Authentication Bypass
org.springframework.security:spring-security-ldap
[,4.2.9.RELEASE)
[5.0.0.RELEASE, 5.0.9.RELEASE)
[5.1.0.RELEASE, 5.1.1.RELEASE)
Maven
6 Mar 2018
H
Authentication Bypass
org.springframework.security:spring-security-ldap
[3.2.0.RELEASE,3.2.2.RELEASE)
[3.1.0.RELEASE,3.1.6.RELEASE)
Maven
25 Dec 2016
M
Improper Authentication
org.springframework.security:spring-security-oauth2-authorization-server
[,1.0.6)
[1.1.0,1.1.6)
[1.2.0,1.2.3)
Maven
20 Mar 2024
M
Authorization Bypass
org.springframework.security:spring-security-oauth2-client
[,5.7.14)
[5.8.0,5.8.16)
[6.2.0,6.2.8)
[6.3.0,6.3.5)
Maven
20 Nov 2024
H
Authentication Bypass
org.springframework.security:spring-security-oauth2-client
[6.1.0,6.1.7)
[6.2.0,6.2.2)
Maven
20 Feb 2024
H
Privilege Escalation
org.springframework.security:spring-security-oauth2-client
[,5.4.11)
[5.6.0,5.6.9)
[5.7.0,5.7.5)
Maven
1 Nov 2022
M
Denial of Service (DoS)
org.springframework.security:spring-security-oauth2-client
[5.5.0, 5.5.1)
[5.4.0, 5.4.7)
[5.3.0.RELEASE, 5.3.10.RELEASE)
[5.2.0.RELEASE, 5.2.11.RELEASE)
Maven
28 Jun 2021
M
Authorization Bypass
org.springframework.security:spring-security-oauth2-jose
[5.1.0,5.1.2.RELEASE)
Maven
20 Dec 2018
H
Authentication Bypass
org.springframework.security:spring-security-saml2-service-provider
[5.3.0.RELEASE,5.3.2.RELEASE)
[5.2.0.RELEASE,5.2.4.RELEASE)
Maven
13 May 2020
M
Authorization Bypass
org.springframework.security:spring-security-taglibs
[,5.7.14)
[5.8.0,5.8.16)
[6.2.0,6.2.8)
[6.3.0,6.3.5)
Maven
20 Nov 2024
M
Authorization Bypass
org.springframework.security:spring-security-web
[,5.7.14)
[5.8.0,5.8.16)
[6.2.0,6.2.8)
[6.3.0,6.3.5)
Maven
20 Nov 2024
C
Missing Authorization
org.springframework.security:spring-security-web
[,5.7.13)
[5.8.0,5.8.15)
[6.0.0,6.2.7)
[6.3.0,6.3.4)
Maven
28 Oct 2024
H
Authentication Bypass
org.springframework.security:spring-security-web
[6.1.0,6.1.7)
[6.2.0,6.2.2)
Maven
20 Feb 2024
M
Session Fixation
org.springframework.security:spring-security-web
[5.7.0,5.7.8)
[5.8.0,5.8.3)
[6.0.0,6.0.3)
Maven
20 Apr 2023
H
Authorization Bypass
org.springframework.security:spring-security-web
[5.6.0, 5.6.9)
[5.7.0, 5.7.5)
Maven
1 Nov 2022
H
Authorization Bypass
org.springframework.security:spring-security-web
[,5.4.11)
[5.5.0,5.5.7)
[5.6.0,5.6.4)
Maven
18 May 2022
L
Timing Attack
org.springframework.security:spring-security-web
[,5.2.9.RELEASE)
[5.3.0,5.3.7)
[5.4.0,5.4.3)
Maven
7 May 2021
M
Access Restriction Bypass
org.springframework.security:spring-security-web
[4.1.0.RELEASE, 4.1.5.RELEASE)
[4.2.0.RELEASE, 4.2.4.RELEASE)
[5.0.0.RELEASE, 5.0.3.RELEASE)
Maven
17 Mar 2018
H
Security Bypass
org.springframework.security:spring-security-web
[3.2.0.RELEASE,3.2.10.RELEASE)
[4.0.0.RELEASE,4.1.4.RELEASE)
[4.2.0.RELEASE,4.2.1.RELEASE)
Maven
28 Dec 2016
H
Authentication Bypass
org.springframework.security:spring-security-web
[3.2.0.RELEASE,4.1.1.RELEASE)
Maven
11 Jul 2016
M
Access Restriction Bypass
org.springframework.security:spring-security-web
[3.0.0.RELEASE,3.0.4.RELEASE)
Maven
10 Jun 2015
M
Arbitrary Code Execution
org.springframework.security:spring-security-web
[3.0.0.RELEASE,3.0.6.RELEASE)
Maven
8 Sept 2014
M
Information Exposure
org.springframework.session:spring-session-core
[3.0.0,3.0.1)
Maven
14 Apr 2023
H
Cross-site Request Forgery (CSRF)
org.springframework.social:spring-social-core
[1.0.0.RELEASE,1.1.3.RELEASE)
Maven
10 Nov 2015
M
Arbitrary Code Execution
org.springframework:spring
[2.5,2.5.6.SEC02)
Maven
18 Jun 2010
H
Relative Path Traversal
org.springframework:spring-beans
[,6.2.10)
Maven
19 Aug 2025
M
Denial of Service (DoS)
org.springframework:spring-beans
[,5.2.22.RELEASE)
[5.3.0,5.3.20)
Maven
12 May 2022
