- How many CVEs does spring-projects have?
- spring-projects has 154 published CVE records since 2014, including 60 in the last two years.
- How many spring-projects CVEs are in CISA KEV?
- Yes — 2 of spring-projects's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which spring-projects products have the most CVEs?
- The spring-projects products with the most published CVEs are spring-framework, spring-security, spring-boot, spring-ai, spring-data-commons.
- What are the most common weakness types in spring-projects CVEs?
- spring-projects's CVEs most often map to these CWE weakness types: CWE-400 (Uncontrolled Resource Consumption), CWE-502 (Deserialization of Untrusted Data), CWE-284 (Improper Access Control), CWE-770 (Allocation of Resources Without Limits or Throttling).
- Are there public exploits for spring-projects vulnerabilities?
- Yes — 8 of spring-projects's CVEs have a known public exploit.
- How many critical spring-projects vulnerabilities are there?
- spring-projects has 26 critical and 64 high-severity CVEs.
- What is the average severity of spring-projects CVEs?
- The average CVSS base score across spring-projects's scored CVEs is 7.3.