spring-projects spring-security Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of spring-projects spring-security's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High3

Medium3

Low1

8 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of spring-projects spring-security's CVEs are currently listed in CISA's KEV catalog.

Public exploits

No spring-projects spring-security CVEs currently have a tracked public exploit.

Affected versions and CVEs

Browse every spring-projects spring-security version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

5.2.2.RELEASE6 CVEs
5.2.3.RELEASE6 CVEs
5.2.4.RELEASE5 CVEs
5.2.5.RELEASE5 CVEs
5.2.6.RELEASE5 CVEs
5.2.7.RELEASE5 CVEs
5.2.8.RELEASE5 CVEs
5.5.15 CVEs
5.5.25 CVEs
5.5.35 CVEs
5.5.45 CVEs
5.5.55 CVEs
5.5.65 CVEs
5.6.05 CVEs
4.2.0.RELEASE4 CVEs
5.2.10.RELEASE4 CVEs
5.2.9.RELEASE4 CVEs
5.6.14 CVEs
5.6.114 CVEs
5.6.24 CVEs
5.6.34 CVEs
5.6.44 CVEs
5.6.54 CVEs
5.6.64 CVEs
5.6.74 CVEs
5.6.84 CVEs
5.7.94 CVEs
5.8.44 CVEs
1.0.03 CVEs
1.0.23 CVEs
1.0.33 CVEs
1.0.43 CVEs
1.0.53 CVEs
2.5.0.M13 CVEs
3.0.0.M23 CVEs
3.0.0.RC23 CVEs
3.0.1.RELEASE3 CVEs
3.0.2.RELEASE3 CVEs
3.1.0.M13 CVEs
3.1.0.M23 CVEs
3.1.0.RC13 CVEs
3.1.0.RC23 CVEs
3.1.0.RC33 CVEs
3.1.0.RELEASE3 CVEs
3.1.1.RELEASE3 CVEs
3.1.2.RELEASE3 CVEs
3.1.3.RELEASE3 CVEs
3.2.0.M23 CVEs
4.1.0.RC13 CVEs
4.1.0.RC23 CVEs
4.1.0.RELEASE3 CVEs
4.2.1.RELEASE3 CVEs
4.2.10.RELEASE3 CVEs
4.2.11.RELEASE3 CVEs
4.2.2.RELEASE3 CVEs
4.2.3.RELEASE3 CVEs
4.2.4.RELEASE3 CVEs
4.2.5.RELEASE3 CVEs
4.2.6.RELEASE3 CVEs
4.2.7.RELEASE3 CVEs
4.2.9.RELEASE3 CVEs
5.2.11.RELEASE3 CVEs
5.2.12.RELEASE3 CVEs
5.2.13.RELEASE3 CVEs
5.2.14.RELEASE3 CVEs
5.2.15.RELEASE3 CVEs
5.3.1.RELEASE3 CVEs
5.3.10.RELEASE3 CVEs
5.3.11.RELEASE3 CVEs
5.3.12.RELEASE3 CVEs
5.3.13.RELEASE3 CVEs
5.3.2.RELEASE3 CVEs
5.3.3.RELEASE3 CVEs
5.3.4.RELEASE3 CVEs
5.3.5.RELEASE3 CVEs
5.3.6.RELEASE3 CVEs
5.3.7.RELEASE3 CVEs
5.3.8.RELEASE3 CVEs
5.3.9.RELEASE3 CVEs
5.4.13 CVEs
5.4.103 CVEs
5.4.23 CVEs
5.4.33 CVEs
5.4.43 CVEs
5.4.53 CVEs
5.4.63 CVEs
5.4.73 CVEs
5.4.83 CVEs
5.4.93 CVEs
5.5.73 CVEs
5.5.83 CVEs
5.6.103 CVEs
5.7.63 CVEs
5.7.73 CVEs
4.1.1.RELEASE2 CVEs
4.2.0.M12 CVEs
4.2.0.RC12 CVEs
4.2.12.RELEASE2 CVEs
5.0.0.M12 CVEs
5.0.0.M22 CVEs
5.0.0.M32 CVEs
5.0.0.M42 CVEs
5.0.0.M52 CVEs
5.0.0.RC12 CVEs
5.0.0.RELEASE2 CVEs
5.0.1.RELEASE2 CVEs
5.0.10.RELEASE2 CVEs
5.0.11.RELEASE2 CVEs
5.0.2.RELEASE2 CVEs
5.0.3.RELEASE2 CVEs
5.0.4.RELEASE2 CVEs
5.0.5.RELEASE2 CVEs
5.0.6.RELEASE2 CVEs
5.0.7.RELEASE2 CVEs
5.0.8.RELEASE2 CVEs
5.0.9.RELEASE2 CVEs
5.1.0.M12 CVEs
5.1.0.M22 CVEs
5.1.0.RC22 CVEs
5.1.0.RELEASE2 CVEs
5.1.1.RELEASE2 CVEs
5.1.2.RELEASE2 CVEs
5.1.3.RELEASE2 CVEs
5.1.4.RELEASE2 CVEs
5.2.0.RELEASE2 CVEs
5.6.122 CVEs
5.6.92 CVEs
5.7.02 CVEs
5.7.12 CVEs
5.7.102 CVEs
5.7.22 CVEs
5.7.32 CVEs
5.7.42 CVEs
5.7.52 CVEs
5.7.82 CVEs
5.8.02 CVEs
5.8.12 CVEs
5.8.22 CVEs
5.8.32 CVEs
5.8.52 CVEs
5.8.62 CVEs
6.0.42 CVEs
6.1.02 CVEs
6.1.12 CVEs
4.2.13.RELEASE1 CVE
4.2.14.RELEASE1 CVE
4.2.15.RELEASE1 CVE
5.0.12.RELEASE1 CVE
5.0.13.RELEASE1 CVE
5.0.14.RELEASE1 CVE
5.0.15.RELEASE1 CVE
5.1.5.RELEASE1 CVE
5.1.6.RELEASE1 CVE
5.1.7.RELEASE1 CVE
5.1.8.RELEASE1 CVE
5.1.9.RELEASE1 CVE
5.3.0.RELEASE1 CVE
5.7.111 CVE
5.8.131 CVE
5.8.71 CVE
5.8.81 CVE
5.8.91 CVE
6.0.01 CVE
6.0.11 CVE
6.0.21 CVE
6.0.31 CVE
6.0.51 CVE
6.0.61 CVE
6.0.71 CVE
6.0.81 CVE
6.1.21 CVE
6.1.31 CVE
6.1.41 CVE
6.1.51 CVE
6.1.61 CVE
6.2.0-M11 CVE
6.2.0-M21 CVE
6.2.0-M31 CVE
6.2.0-RC11 CVE
6.2.0-RC21 CVE
6.2.51 CVE
6.3.01 CVE
6.3.11 CVE

Fixed in

0686b461afdbfa2404b2248b8de4fef97561cace2 CVEs
24e925ef4d0bda1a7b656cf578e004febcf72a6f2 CVEs
60f44b347f4af4c56ba897723881ad5a40af0b232 CVEs
a41278781d4d431197c17bb1e19230b7f387a8192 CVEs
ada333710470ae07b7e96aef1efc87d06006882c2 CVEs
c2d2914a4f02ce38a307530229f2704e8849fd222 CVEs
d02ab505770f6405634d287ca409b448cc52d6882 CVEs
01c1c192d1cc893e24b8bbb082d62634ef15d7f11 CVE
16c350a7bcaec7218d96d42c743d748a243478f41 CVE
17d8293be1054a0b905e92b788a77c2dd6a300111 CVE
1e694b1304a801bc401aee15849130a5e0b702f8

Find a version

17 CVEs

Sort

Medium vulnerability · 2024-08-20
CVE-2024-38810
Patch
CWE-287
Medium · CVSS 6.5
EPSS 1.0% (77th pct)2024-08-20
CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
CVE-2024-22234
Patch
CWE-284
High · CVSS 7.4
EPSS 1.7% (82th pct)2024-02-20
Medium vulnerability · 2024-02-05
CVE-2023-34042
Patch
CWE-732
Medium · CVSS 4.1
EPSS 0.0% (14th pct)2024-02-05
Critical vulnerability · 2023-07-19
CVE-2023-34034
Patch
CWE-281
Critical · CVSS 9.1
EPSS 49.3% (98th pct)2023-07-19
High vulnerability · 2023-07-18
CVE-2023-34035
Patch
High · CVSS 7.3
EPSS 2.6% (86th pct)2023-07-18
Medium vulnerability · 2023-04-19
CVE-2023-20862
Patch
CWE-459
Medium · CVSS 6.3
EPSS 0.5% (65th pct)2023-04-19
Critical vulnerability · 2022-10-31
CVE-2022-31692
Patch
CWE-639
Critical · CVSS 9.8
EPSS 7.4% (92th pct)2022-10-31
High vulnerability · 2022-10-31
CVE-2022-31690
Patch
High · CVSS 8.1
EPSS 0.3% (55th pct)2022-10-31
Vulnerability · 2022-05-19
CVE-2022-22976
Patch
CWE-190
Unscored
EPSS 0.4% (59th pct)2022-05-19
Vulnerability · 2022-05-19
CVE-2022-22978
Patch
CWE-863
Unscored
EPSS 90.2% (100th pct)2022-05-19
Vulnerability · 2021-06-29
CVE-2021-22119
Patch
CWE-400
Unscored
EPSS 4.9% (90th pct)2021-06-29
Vulnerability · 2021-02-23
CVE-2021-22112
Patch
Unscored
EPSS 1.0% (77th pct)2021-02-23
Vulnerability · 2020-05-14
CVE-2020-5408
Patch
CWE-329
Unscored
EPSS 0.4% (62th pct)2020-05-14
Vulnerability · 2019-06-26
CVE-2019-11272
Patch
CWE-287
Unscored
EPSS 0.4% (62th pct)2019-06-26
Insecure Randomness When Using a SecureRandom Instance Constructed by Spring Security
CVE-2019-3795
Patch
CWE-330
Low · CVSS 3.8
EPSS 0.5% (68th pct)2019-04-09
Vulnerability · 2017-11-27
CVE-2017-4995
Patch
Unscored
EPSS 0.8% (75th pct)2017-11-27
Vulnerability · 2017-01-06
CVE-2016-9879
Patch
Unscored
EPSS 0.3% (56th pct)2017-01-06

Severity and exploitation

spring-projects spring-security Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other spring-projects products

Frequently asked questions

How many CVEs does spring-projects spring-security have?

How many spring-projects spring-security CVEs are in CISA KEV?

Are there public exploits for spring-projects spring-security vulnerabilities?

Which versions of spring-projects spring-security are affected?

What are the most common weakness types in spring-projects spring-security CVEs?

How many critical spring-projects spring-security vulnerabilities are there?

What is the average severity of spring-projects spring-security CVEs?

References

Track spring-projects spring-security vulnerabilities