
Spring — Vulnerabilities & Security Advisories (58)

Browse all 58 CVE security advisories affecting Spring. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22754 | Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules | Spring Security | | 7.5 | High | 2026-04-22 |
| CVE-2026-22753 | Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers | Spring Security | | 7.5 | High | 2026-04-22 |
| CVE-2026-22748 | Potential Security Misconfiguration when Using withIssuerLocation | Spring Security | | 5.3 | Medium | 2026-04-22 |
| CVE-2026-22747 | Unauthorized User Impersonation when Using X.509 Client Certificates | Spring Security | | 6.8 | Medium | 2026-04-22 |
| CVE-2026-22746 | User Attribute Enumeration when Using DaoAuthenticationProvider | Spring Security | | 3.7 | Low | 2026-04-22 |
| CVE-2026-22751 | Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions | Spring Security | | 4.8 | Medium | 2026-04-21 |
| CVE-2026-22744 | VMware Spring AI security vulnerability | Spring AI | | 7.5 | High | 2026-03-27 |
| CVE-2026-22743 | Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore | Spring AI | | 7.5 | High | 2026-03-27 |
| CVE-2026-22742 | Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching | Spring AI | | 8.6 | High | 2026-03-27 |
| CVE-2026-22738 | SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution | Spring AI | | 9.8 | Critical | 2026-03-27 |
| CVE-2026-22739 | Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks | Spring Cloud | | 8.6 | High | 2026-03-24 |
| CVE-2026-22737 | Spring Framework Improper Path Limitation with Script View Templates | Spring Framework | | 5.9 | Medium | 2026-03-19 |
| CVE-2026-22735 | Server Sent Event stream corruption | Spring Foundation | | 2.6 | Low | 2026-03-19 |
| CVE-2026-22733 | Authentication Bypass under Actuator CloudFoundry endpoints | Spring Security | CWE-288 | 8.2 | High | 2026-03-19 |
| CVE-2026-22731 | Authentication Bypass under Actuator Health groups paths | Spring Boot | CWE-288 | 8.2 | High | 2026-03-19 |
| CVE-2025-22234 | Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation | Spring Security | CWE-208 | 5.3 | Medium | 2026-01-22 |
| CVE-2026-22718 | Command injection vulnerability | CLI VSCode Extension | CWE-78 | 6.8 | Medium | 2026-01-14 |
| CVE-2025-41243 | Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux | Cloud Gateway | CWE-917 | 10.0 | Critical | 2025-09-16 |
| CVE-2025-41232 | Spring Security authorization bypass for method security annotations on private methods | Spring Security | | 9.1 | Critical | 2025-05-21 |
| CVE-2025-22233 | Spring Framework DataBinder Case Sensitive Match Exception | Spring Framework | CWE-20 | 3.1 | Low | 2025-05-16 |
| CVE-2025-22235 | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | Spring Boot | CWE-20 | 7.3 | High | 2025-04-28 |
| CVE-2025-22232 | Spring Cloud Config Server May Not Use Vault Token Sent By Clients | Spring Cloud Config | CWE-287 | 5.3 | Medium | 2025-04-10 |
| CVE-2025-22223 | VMware Spring Security security vulnerability | Spring Security | CWE-290 | 5.3 | Medium | 2025-03-24 |
| CVE-2025-22228 | Spring Security BCryptPasswordEncoder does not enforce maximum password length | Spring Security | | 7.4 | High | 2025-03-20 |
| CVE-2024-38829 | Spring LDAP sensitive data exposure for case-sensitive comparisons | Spring LDAP | CWE-178 | 3.7 | Low | 2024-12-04 |
| CVE-2024-38828 | DoS via Spring MVC controller method with byte[] parameter | Spring | | 5.3 | Medium | 2024-11-18 |
| CVE-2024-38821 | Authorization Bypass of Static Resources in WebFlux Applications | Spring | | 9.1 | Critical | 2024-10-28 |
| CVE-2024-38816 | Path traversal vulnerability in functional web frameworks | Spring | | 7.5 | High | 2024-09-13 |
| CVE-2024-38807 | Signature Forgery Vulnerability in Spring Boot's Loader | Spring Boot | | 6.3 | Medium | 2024-08-23 |
| CVE-2024-38808 | Spring Expression DoS Vulnerability | Spring Framework | | 4.3 | Medium | 2024-08-20 |

This page lists every published CVE security advisory associated with Spring. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.