Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo
cocoapods
Composer
Conan
Go
hex
Maven
npm
NuGet
pip
pub
RubyGems
Swift
Unmanaged (C/C++)
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
VULNERABILITY
AFFECTS
TYPE
PUBLISHED
M
Privilege Escalation
org.springframework:spring-web
[5.3.0,5.3.7)
[5.0.0.RELEASE,5.2.15.RELEASE)
Maven
26 May 2021
H
Improper Input Validation
org.springframework:spring-web
[3.2.0.RELEASE,4.3.29.RELEASE)
[5.0.0.RELEASE, 5.0.19.RELEASE)
[5.1.0.RELEASE, 5.1.18.RELEASE)
[5.2.0.RELEASE, 5.2.9.RELEASE)
Maven
18 Sept 2020
H
Reflected File Download (RFD)
org.springframework:spring-web
[5.2.0, 5.2.3)
[5.1.0, 5.1.13)
[5.0.0, 5.0.16)
Maven
22 Jan 2020
L
Denial of Service (DoS)
org.springframework:spring-web
[4.2.0.RELEASE, 4.3.20.RELEASE)
[5.0.0.RELEASE, 5.0.10.RELEASE)
[5.1.0.RELEASE, 5.1.1.RELEASE)
Maven
18 Oct 2018
H
Reflected File Download
org.springframework:spring-web
[3.2.0.RELEASE, 3.2.15.RELEASE)
[4.0.0.RELEASE, 4.1.8.RELEASE)
[4.2.0.RELEASE, 4.2.2.RELEASE)
Maven
25 Dec 2016
M
Denial of Service (DoS)
org.springframework:spring-web
[3.2.0.RELEASE, 3.2.14.RELEASE)
[4.0.0.RELEASE, 4.1.7.RELEASE)
Maven
25 Dec 2016
H
XML External Entity (XXE) Injection
org.springframework:spring-web
[3.0.0.RELEASE,3.2.9.RELEASE)
[4.0.0.RELEASE,4.0.5.RELEASE)
Maven
25 Dec 2016
M
Information Exposure
org.springframework:spring-web
[4.3.0.RELEASE,4.3.18.RELEASE)
[5.0.0.RELEASE,5.0.7.RELEASE)
Maven
25 Dec 2016
M
Cross-Site Tracing (XST)
org.springframework:spring-web
[4.3.0.RELEASE, 4.3.18.RELEASE)
[5.0.0.RELEASE, 5.0.7.RELEASE)
Maven
25 Dec 2016
L
Cross-site Scripting (XSS)
org.springframework:spring-web
[3.0.0.RELEASE, 3.2.2.RELEASE)
Maven
25 Dec 2016
M
XML External Entity (XXE) Injection
org.springframework:spring-web
[3.0.0.RELEASE,3.2.4.RELEASE)
[4.0.0.RELEASE,4.0.1.RELEASE)
Maven
25 Dec 2016
M
XML External Entity (XXE) Injection
org.springframework:spring-web
[3,3.2.4)
[4-alpha,4.0.0.M2)
Maven
25 Dec 2016
M
Cross-site Request Forgery (CSRF)
org.springframework:spring-web
[3.0.0.RELEASE,3.2.8.RELEASE)
[4.0.0.RELEASE,4.0.2.RELEASE)
Maven
6 Jun 2014
M
XML External Entity (XXE) Injection
org.springframework:spring-web
[3.0.0.RELEASE, 3.2.4.RELEASE)
Maven
22 Aug 2013
H
Expression Language Injection
org.springframework:spring-web
[,2.5.6.SEC03)
[3.0.0.RELEASE,3.0.6.RELEASE)
Maven
9 Sept 2011
M
Inefficient Regular Expression Complexity
org.springframework/spring-web
*
rhel:8
25 Sept 2024
M
Inefficient Regular Expression Complexity
org.springframework/spring-web
*
rhel:9
25 Sept 2024
M
Inefficient Regular Expression Complexity
org.springframework/spring-web
*
rhel:7
25 Sept 2024
H
Path Traversal
org.springframework:spring-webflux
[,6.1.14)
Maven
18 Oct 2024
L
Improper Handling of Case Sensitivity
org.springframework:spring-webflux
[,6.1.14)
Maven
18 Oct 2024
H
Path Traversal
org.springframework:spring-webflux
[,6.1.13)
Maven
13 Sept 2024
M
Improper Output Neutralization for Logs
org.springframework:spring-webflux
[5.3.0,5.3.12)
[,5.2.18)
Maven
27 Oct 2021
M
Cross-Site Request Forgery (CSRF)
org.springframework:spring-webflux
[5.2.0, 5.2.3)
Maven
22 Jan 2020
M
Denial of Service (DoS)
org.springframework:spring-webmvc
[,6.0.0)
Maven
19 Nov 2024
H
Path Traversal
org.springframework:spring-webmvc
[,6.1.14)
Maven
18 Oct 2024
L
Improper Handling of Case Sensitivity
org.springframework:spring-webmvc
[,6.1.14)
Maven
18 Oct 2024
H
Path Traversal
org.springframework:spring-webmvc
[,6.1.13)
Maven
13 Sept 2024
C
Improper Access Control
org.springframework:spring-webmvc
[5.3.0,5.3.26)
[6.0.0,6.0.7)
Maven
23 Mar 2023
M
Cross-Site Request Forgery (CSRF)
org.springframework:spring-webmvc
[5.2.0, 5.2.3)
Maven
22 Jan 2020
M
Directory Traversal
org.springframework:spring-webmvc
[,4.3.15.RELEASE)
[5.0.0.RELEASE,5.0.5.RELEASE)
Maven
9 Apr 2018
