Spring Security — Vulnerabilities & Security Advisories 34

All 34 CVE vulnerabilities found in Spring Security, with AI-generated Chinese analysis, references, and POCs.

Vendor: Pivotal

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-22754 | Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules | | 7.5 | High | 2026-04-22 |
| CVE-2026-22753 | Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers | | 7.5 | High | 2026-04-22 |
| CVE-2026-22748 | Potential Security Misconfiguration when Using withIssuerLocation | | 5.3 | Medium | 2026-04-22 |
| CVE-2026-22747 | Unauthorized User Impersonation when Using X.509 Client Certificates | | 6.8 | Medium | 2026-04-22 |
| CVE-2026-22746 | User Attribute Enumeration when Using DaoAuthenticationProvider | | 3.7 | Low | 2026-04-22 |
| CVE-2026-22751 | Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions | | 4.8 | Medium | 2026-04-21 |
| CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints | CWE-288 | 8.2 | High | 2026-03-19 |
| CVE-2026-22732 | Under Some Conditions Spring Security HTTP Headers Are not Written | | 9.1 | Critical | 2026-03-19 |
| CVE-2025-22234 | Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation | CWE-208 | 5.3 | Medium | 2026-01-22 |
| CVE-2025-41248 | CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types | | 7.5 | High | 2025-09-16 |
| CVE-2025-41232 | CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods | | 9.1 | Critical | 2025-05-21 |
| CVE-2025-22223 | VMware Spring Security Security Vulnerability | CWE-290 | 5.3 | Medium | 2025-03-24 |
| CVE-2025-22228 | CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length | | 7.4 | High | 2025-03-20 |
| CVE-2024-38827 | Spring Security Authorization Bypass for Case Sensitive Comparisons | CWE-639 | 4.8 | Medium | 2024-12-02 |
| CVE-2024-38810 | Missing Authorization When Using @AuthorizeReturnObject | CWE-287 | 6.5 | Medium | 2024-08-20 |
| CVE-2024-22257 | VMware Spring Security Security Vulnerability | | 8.2 | High | 2024-03-18 |
| CVE-2024-22234 | CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | | 7.4 | High | 2024-02-20 |
| CVE-2023-34042 | VMware Spring Security Security Vulnerability | | 4.1 | Medium | 2024-02-05 |
| CVE-2023-34034 | VMware Spring Security Security Vulnerability | | 9.1 | Critical | 2023-07-19 |
| CVE-2023-34035 | Spring Security Security Vulnerability | | 7.3 | High | 2023-07-18 |
| CVE-2023-20862 | Spring Framework Security Vulnerability | | 9.4 | - | 2023-04-19 |
| CVE-2022-31690 | VMware Spring Security Security Vulnerability | | 8.1 | - | 2022-10-31 |
| CVE-2022-22976 | Spring Framework Input Validation Error Vulnerability | CWE-190 | 5.3 | - | 2022-05-19 |
| CVE-2022-22978 | VMware Spring Security Authorization Issue Vulnerability | CWE-863 | 9.8 | - | 2022-05-19 |
| CVE-2021-22119 | VMware Spring Security Security Vulnerability | CWE-400 | 7.5 | - | 2021-06-29 |
| CVE-2021-22112 | VMware Spring Security Permissions and Access Control Issue Vulnerability | | 8.8 | - | 2021-02-23 |
| CVE-2020-5408 | Dictionary attack with Spring Security queryable text encryptor | CWE-329 | 4.3 | - | 2020-05-14 |
| CVE-2020-5407 | Signature Wrapping Vulnerability with spring-security-saml2-service-provider | CWE-347 | 8.1 | - | 2020-05-13 |
| CVE-2019-11272 | PlaintextPasswordEncoder authenticates encoded passwords that are null | CWE-287 | 7.7 | - | 2019-06-26 |
| CVE-2019-3795 | Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security | CWE-330 | 6.5 | - | 2019-04-09 |