
Spring — Vulnerabilities & Security Advisories (70)

Browse all 70 CVE security advisories affecting Spring. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-41232 | Spring Security authorization bypass for method security annotations on private methods | Spring Security | - | 9.1 | Critical | 2025-05-21 |
| CVE-2025-22233 | Spring Framework DataBinder Case Sensitive Match Exception | Spring Framework | CWE-20 | 3.1 | Low | 2025-05-16 |
| CVE-2025-22235 | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | Spring Boot | CWE-20 | 7.3 | High | 2025-04-28 |
| CVE-2025-22232 | Spring Cloud Config Server May Not Use Vault Token Sent By Clients | Spring Cloud Config | CWE-287 | 5.3 | Medium | 2025-04-10 |
| CVE-2025-22223 | VMware Spring Security Security Vulnerability | Spring Security | CWE-290 | 5.3 | Medium | 2025-03-24 |
| CVE-2025-22228 | Spring Security BCryptPasswordEncoder does not enforce maximum password length | Spring Security | - | 7.4 | High | 2025-03-20 |
| CVE-2024-38829 | Spring LDAP sensitive data exposure for case-sensitive comparisons | Spring LDAP | CWE-178 | 3.7 | Low | 2024-12-04 |
| CVE-2024-38828 | DoS via Spring MVC controller method with byte[] parameter | Spring | - | 5.3 | Medium | 2024-11-18 |
| CVE-2024-38821 | Authorization Bypass of Static Resources in WebFlux Applications | Spring | - | 9.1 | Critical | 2024-10-28 |
| CVE-2024-38816 | Path traversal vulnerability in functional web frameworks | Spring | - | 7.5 | High | 2024-09-13 |
| CVE-2024-38807 | Signature Forgery Vulnerability in Spring Boot's Loader | Spring Boot | - | 6.3 | Medium | 2024-08-23 |
| CVE-2024-38808 | Spring Expression DoS Vulnerability | Spring Framework | - | 4.3 | Medium | 2024-08-20 |
| CVE-2024-38810 | Missing Authorization When Using @AuthorizeReturnObject | Spring Security | CWE-287 | 6.5 | Medium | 2024-08-20 |
| CVE-2024-37084 | Remote code execution in Spring Cloud Data Flow | Spring Cloud Data Flow | - | 9.8 | Critical | 2024-07-25 |
| CVE-2024-22262 | Spring Framework URL Parsing with Host Validation | Spring Framework | - | 8.1 | High | 2024-04-16 |
| CVE-2024-22258 | PKCE Downgrade in Spring Authorization Server | Spring | - | 6.1 | Medium | 2024-03-20 |
| CVE-2024-22259 | Spring Framework URL Parsing with Host Validation (2nd report) | Spring Framework | - | 8.1 | High | 2024-03-16 |
| CVE-2024-22243 | Spring Framework URL Parsing with Host Validation | Spring Framework | - | 8.1 | High | 2024-02-23 |
| CVE-2024-22234 | Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | Spring Security | - | 7.4 | High | 2024-02-20 |
| CVE-2024-22236 | Spring Cloud Security Vulnerability | Spring Cloud Contract | - | 3.3 | Low | 2024-01-31 |
| CVE-2024-22233 | Spring Framework server Web DoS Vulnerability | Spring Framework | - | 7.5 | High | 2024-01-22 |
| CVE-2023-34055 | Spring Boot server Web Observations DoS Vulnerability | Spring Boot | - | 5.3 | Medium | 2023-11-28 |
| CVE-2023-34054 | Reactor Netty HTTP Server Metrics DoS Vulnerability | Reactor Netty | - | 5.3 | Medium | 2023-11-28 |
| CVE-2023-34053 | Spring Framework server Web Observations DoS Vulnerability | Spring Framework | - | 5.3 | Medium | 2023-11-28 |
| CVE-2023-34050 | Spring AMQP Deserialization Vulnerability | Spring AMQP | - | 5.0 | Medium | 2023-10-19 |
| CVE-2023-34047 | Exposure of data and identity to wrong session in Spring for GraphQL | Spring for GraphQL | - | 3.1 | Low | 2023-09-20 |
| CVE-2023-34040 | Java Deserialization vulnerability in Spring-Kafka When Improperly Configured | Spring for Apache Kafka | CWE-502 | 5.3 | Medium | 2023-08-24 |
| CVE-2023-34036 | Forwarded header exploit with Spring HATEOAS on WebFlux | Spring HATEOAS | CWE-644 | 5.3 | Medium | 2023-07-17 |
| CVE-2020-5397 | CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux | Spring Framework | CWE-352 | 8.1 | - | 2020-01-17 |
| CVE-2020-5398 | RFD Attack via "Content-Disposition" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application | Spring Framework | CWE-79 | 7.5 | - | 2020-01-16 |

This page lists every published CVE security advisory associated with Spring. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.