Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
| Severity | Vulnerability | Affects | Type | Published |
| --- | --- | --- | --- | --- |
| H | XML External Entity (XXE) Injection | org.springframework.integration:spring-integration-xml [5.1.0.RELEASE,5.1.2.RELEASE),[5.0.0.RELEASE,5.0.11.RELEASE),[,4.3.19.RELEASE) | Maven | 16 Jan, 2019 |
| H | XML External Entity (XXE) Injection | org.springframework.integration:spring-integration-ws [5.1.0.RELEASE,5.1.2.RELEASE),[5.0.0.RELEASE,5.0.11.RELEASE),[,4.3.19.RELEASE) | Maven | 16 Jan, 2019 |
| H | Arbitrary Code Execution | org.springframework.security.oauth:spring-security-oauth2 [,2.0.15.RELEASE),[2.1.0.RELEASE, 2.1.2.RELEASE),[2.2.0.RELEASE, 2.2.2.RELEASE),[2.3.0.RELEASE, 2.3.3.RELEASE) | Maven | 10 May, 2018 |
| H | Access Restriction Bypass | org.springframework.security:spring-security-cas [3.2.0,3.2.5.RELEASE),[3.1.0,3.1.7.RELEASE) | Maven | 25 Dec, 2016 |
| H | XML External Entity (XXE) Injection | org.springframework.ws:spring-xml [,2.4.4.RELEASE),[3.0.0.RELEASE,3.0.6.RELEASE) | Maven | 16 Jan, 2019 |
| H | XML External Entity (XXE) Injection | org.springframework.ws:spring-ws-core [,2.4.4.RELEASE),[3.0.0.RELEASE,3.0.6.RELEASE) | Maven | 16 Jan, 2019 |
| H | XML External Entity (XXE) Injection | org.springframework.batch:spring-batch-core [4.1.0.RELEASE,4.1.1.RELEASE),[4.0.0.RELEASE,4.0.2.RELEASE),[3.0.9.RELEASE,3.0.10.RELEASE) | Maven | 16 Jan, 2019 |
| H | Man-in-the-Middle (MitM) | org.springframework.amqp:spring-amqp [1.0.0.RELEASE, 1.7.10.RELEASE),[2.0.0.RELEASE, 2.0.6.RELEASE) | Maven | 16 Sep, 2018 |
| H | Arbitrary Code Execution | org.springframework:spring-messaging [,4.3.16.RELEASE),[5.0.0.RELEASE, 5.0.5.RELEASE) | Maven | 16 Apr, 2018 |
| H | Arbitrary Code Execution | org.springframework.data:spring-data-commons [,1.13.11.RELEASE),[2.0.0.RELEASE,2.0.6.RELEASE) | Maven | 16 Apr, 2018 |
| H | Arbitrary Code Execution | org.springframework.data:spring-data-rest-webmvc [,2.6.7.RELEASE) | Maven | 16 Apr, 2018 |
| H | Arbitrary Code Execution | org.springframework.boot:spring-boot-starter-data-rest [,1.5.9.RELEASE) | Maven | 16 Apr, 2018 |
| H | Arbitrary Code Execution | org.springframework:spring-messaging [,4.3.16.RELEASE),[5.0.0.RELEASE,5.0.5.RELEASE) | Maven | 09 Apr, 2018 |
| H | Arbitrary Code Execution | org.springframework.amqp:spring-amqp [1.5.6.RELEASE,1.5.7.RELEASE),[1.6.10.RELEASE,1.6.11.RELEASE),[1.7.3.RELEASE,1.7.4.RELEASE) | Maven | 05 Nov, 2017 |
| H | Deserialization of Untrusted Data | org.springframework.amqp:spring-amqp [,1.5.5) | Maven | 12 Apr, 2016 |
| H | Credentials Disclosure | org.springframework.security.oauth:spring-security-oauth2 [2.3.0.RELEASE,2.3.5.RELEASE),[2.2.0.RELEASE,2.2.4.RELEASE),[2.1.0.RELEASE,2.1.4.RELEASE),[,2.0.17.RELEASE) | Maven | 08 Mar, 2019 |
| H | Arbitrary Code Execution | org.springframework.security.oauth:spring-security-oauth2 [1.0.0.RELEASE,2.0.10.RELEASE) | Maven | 04 Jul, 2016 |
| H | Cross-site Request Forgery (CSRF) | org.springframework.social:spring-social-core [1.0.0.RELEASE,1.1.3.RELEASE) | Maven | 10 Nov, 2015 |
| H | Access Restriction Bypass | org.springframework:spring-core [5.0.5.RELEASE, 5.0.6.RELEASE) | Maven | 10 May, 2018 |
| H | Cross-Site Request Forgery (CSRF) | org.springframework.batch:spring-batch-admin [0,] | Maven | 01 Apr, 2018 |
| H | Cross-site Request Forgery (CSRF) | org.springframework.batch:spring-batch-admin [,1.3.0.RELEASE) | Maven | 05 Nov, 2017 |
| H | XML External Entity (XXE) Injection | org.springframework:spring-web [3.0.0.RELEASE,3.2.9.RELEASE),[4.0.0.RELEASE,4.0.5.RELEASE) | Maven | 25 Dec, 2016 |
| H | XML External Entity (XXE) Injection | org.springframework:spring-oxm [3.0.0.RELEASE,3.2.9.RELEASE),[4.0.0.RELEASE,4.0.5.RELEASE) | Maven | 25 Dec, 2016 |
| H | Improper Input Validation | org.springframework:spring-web [,4.3.29.RELEASE),[5.0.0.RELEASE, 5.0.19.RELEASE),[5.1.0.RELEASE, 5.1.18.RELEASE),[5.2.0.RELEASE, 5.2.9.RELEASE) | Maven | 18 Sep, 2020 |
| H | Reflected File Download | org.springframework:spring-web [3.2.0.RELEASE, 3.2.15.RELEASE),[4.0.0.RELEASE, 4.1.8.RELEASE),[4.2.0.RELEASE, 4.2.2.RELEASE) | Maven | 25 Dec, 2016 |
| H | Authentication Bypass | org.springframework.security:spring-security-saml2-service-provider [5.3.0.RELEASE,5.3.2.RELEASE),[5.2.0.RELEASE,5.2.4.RELEASE) | Maven | 13 May, 2020 |
| H | Deserialization of Untrusted Data | org.springframework.integration:spring-integration [4.3.0, 4.3.23),[5.1.0, 5.1.12),[5.2.0, 5.2.8),[5.3.0, 5.3.2) | Maven | 02 Aug, 2020 |
| H | Privilege Escalation | org.springframework.security.oauth:spring-security-oauth2 [, 2.0.16.RELEASE),[2.1.0.RELEASE, 2.1.3.RELEASE),[2.2.0.RELEASE, 2.2.3.RELEASE),[2.3.0.RELEASE, 2.3.4.RELEASE) | Maven | 17 Oct, 2018 |
| H | Deserialization of Untrusted Data | org.springframework.security:spring-security-core [4.2.0.RELEASE,4.2.3.RELEASE) | Maven | 20 Sep, 2017 |
| H | Access Restriction Bypass | org.springframework.ldap:spring-ldap-core [,2.3.2.RELEASE) | Maven | 16 Nov, 2017 |