CVE security advisories and vulnerability history for spring-framework by spring-projects.
37
Total CVEs
Published
1
In CISA KEV
Exploited in the wild
3
Public exploits
PoC or exploit code
6.8
Avg CVSS
2014–2024
Last updated
Overview
spring-projects spring-framework has 37 published CVE records since 2014, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 6.8.
This page aggregates every publicly disclosed vulnerability (CVE) affecting spring-projects spring-framework, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of spring-projects spring-framework's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical4
High13
Medium20
Low0
In CISA’s Known Exploited Vulnerabilities catalog
1
One of spring-projects spring-framework's CVEs is confirmed exploited in the wild.
Public exploits
3
3 of spring-projects spring-framework's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every spring-projects spring-framework version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about spring-projects spring-framework vulnerabilities.
How many CVEs does spring-projects spring-framework have?
spring-projects spring-framework has 37 published CVE records since 2014.
How many spring-projects spring-framework CVEs are in CISA KEV?
Yes — 1 of spring-projects spring-framework's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
Are there public exploits for spring-projects spring-framework vulnerabilities?
Yes — 3 of spring-projects spring-framework's CVEs have a known public exploit.
Which versions of spring-projects spring-framework are affected?
558 distinct spring-projects spring-framework versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in spring-projects spring-framework CVEs?
spring-projects spring-framework's CVEs most often map to these CWE weakness types: CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-400 (Uncontrolled Resource Consumption), CWE-269 (Improper Privilege Management).
How many critical spring-projects spring-framework vulnerabilities are there?
spring-projects spring-framework has 4 critical and 13 high-severity CVEs.
What is the average severity of spring-projects spring-framework CVEs?
The average CVSS base score across spring-projects spring-framework's scored CVEs is 6.8.