spring-projects spring-security Vulnerabilities
CVE security advisories and vulnerability history for spring-security by spring-projects.
Last updated
Overview
spring-projects spring-security has 31 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 7.2.
This page aggregates every publicly disclosed vulnerability (CVE) affecting spring-projects spring-security, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of spring-projects spring-security's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of spring-projects spring-security's CVEs are currently listed in CISA's KEV catalog.
Public exploits
0
No spring-projects spring-security CVEs currently have a tracked public exploit.
Affected versions and CVEs
Browse every spring-projects spring-security version named in a CVE, then pick one to see only the CVEs that affect it.
Specific versions
- 7.0.013 CVEs
- 7.0.113 CVEs
- 7.0.213 CVEs
- 7.0.313 CVEs
- 7.0.412 CVEs
- 4.2.0.RELEASE9 CVEs
- 6.5.09 CVEs
- 6.5.19 CVEs
- 6.5.39 CVEs
- 6.5.49 CVEs
- 6.5.59 CVEs
- 6.5.69 CVEs
- 6.5.79 CVEs
- 6.5.89 CVEs
- 4.2.1.RELEASE8 CVEs
- 4.2.2.RELEASE8 CVEs
- 6.5.98 CVEs
- 1.0.07 CVEs
- 1.0.27 CVEs
- 1.0.37 CVEs
- 1.0.47 CVEs
- 1.0.57 CVEs
- 2.5.0.M17 CVEs
- 3.0.0.M27 CVEs
- 3.0.0.RC27 CVEs
- 3.0.1.RELEASE7 CVEs
- 3.0.2.RELEASE7 CVEs
- 3.1.0.M17 CVEs
- 3.1.0.M27 CVEs
- 3.1.0.RC17 CVEs
- 3.1.0.RC27 CVEs
- 3.1.0.RC37 CVEs
- 3.1.0.RELEASE7 CVEs
- 3.1.1.RELEASE7 CVEs
- 3.1.2.RELEASE7 CVEs
- 3.1.3.RELEASE7 CVEs
- 3.2.0.M27 CVEs
- 4.1.0.RC17 CVEs
- 4.1.0.RC27 CVEs
- 4.1.0.RELEASE7 CVEs
- 4.1.1.RELEASE7 CVEs
- 4.2.0.M17 CVEs
- 4.2.0.RC17 CVEs
- 5.0.0.RELEASE6 CVEs
- 5.0.1.RELEASE6 CVEs
- 5.0.2.RELEASE6 CVEs
- 5.0.3.RELEASE6 CVEs
- 5.1.0.RELEASE6 CVEs
- 5.1.1.RELEASE6 CVEs
- 5.2.0.RELEASE6 CVEs
- 5.3.0.RELEASE6 CVEs
- 5.6.06 CVEs
- 7.0.56 CVEs
- 5.0.0.M15 CVEs
- 5.4.05 CVEs
- 5.5.05 CVEs
- 5.6.15 CVEs
- 5.6.25 CVEs
- 5.6.35 CVEs
- 5.7.05 CVEs
- 5.7.15 CVEs
- 5.7.25 CVEs
- 5.7.35 CVEs
- 5.7.45 CVEs
- 6.1.15 CVEs
- 6.5.105 CVEs
- 5.0.0.M24 CVEs
- 5.0.0.M34 CVEs
- 5.0.0.M44 CVEs
- 5.0.0.M54 CVEs
- 5.0.0.RC14 CVEs
- 5.1.0.M14 CVEs
- 5.1.0.M24 CVEs
- 5.1.0.RC24 CVEs
- 5.2.0.M14 CVEs
- 5.2.0.M24 CVEs
- 5.2.0.M34 CVEs
- 5.2.0.M44 CVEs
- 5.2.0.RC14 CVEs
- 5.5.0-M14 CVEs
- 5.5.0-M24 CVEs
- 5.5.0-M34 CVEs
- 5.5.0-RC14 CVEs
- 5.5.0-RC24 CVEs
- 6.0.04 CVEs
- 6.1.04 CVEs
- 4.2.10.RELEASE3 CVEs
- 4.2.11.RELEASE3 CVEs
- 4.2.3.RELEASE3 CVEs
- 4.2.4.RELEASE3 CVEs
- 4.2.5.RELEASE3 CVEs
- 4.2.6.RELEASE3 CVEs
- 4.2.7.RELEASE3 CVEs
- 4.2.9.RELEASE3 CVEs
- 5.2.2.RELEASE3 CVEs
- 5.2.3.RELEASE3 CVEs
- 5.3.0.M13 CVEs
- 5.3.0.RC13 CVEs
- 5.3.1.RELEASE3 CVEs
- 5.4.0-M13 CVEs
- 5.4.0-M23 CVEs
- 5.4.0-RC13 CVEs
- 5.6.43 CVEs
- 5.6.53 CVEs
- 5.6.63 CVEs
- 5.6.73 CVEs
- 5.6.83 CVEs
- 5.7.53 CVEs
- 5.7.63 CVEs
- 5.7.73 CVEs
- 5.8.03 CVEs
- 5.8.13 CVEs
- 5.8.23 CVEs
- 5.8.43 CVEs
- 6.0.13 CVEs
- 6.0.23 CVEs
- 6.0.43 CVEs
- 4.2.12.RELEASE2 CVEs
- 5.0.10.RELEASE2 CVEs
- 5.0.11.RELEASE2 CVEs
- 5.0.4.RELEASE2 CVEs
- 5.0.5.RELEASE2 CVEs
- 5.0.6.RELEASE2 CVEs
- 5.0.7.RELEASE2 CVEs
- 5.0.8.RELEASE2 CVEs
- 5.0.9.RELEASE2 CVEs
- 5.1.2.RELEASE2 CVEs
- 5.1.3.RELEASE2 CVEs
- 5.1.4.RELEASE2 CVEs
- 5.2.4.RELEASE2 CVEs
- 5.2.5.RELEASE2 CVEs
- 5.2.6.RELEASE2 CVEs
- 5.2.7.RELEASE2 CVEs
- 5.2.8.RELEASE2 CVEs
- 5.3.2.RELEASE2 CVEs
- 5.3.3.RELEASE2 CVEs
- 5.3.4.RELEASE2 CVEs
- 5.3.5.RELEASE2 CVEs
- 5.3.6.RELEASE2 CVEs
- 5.3.7.RELEASE2 CVEs
- 5.4.12 CVEs
- 5.4.22 CVEs
- 5.4.32 CVEs
- 5.5.12 CVEs
- 5.5.22 CVEs
- 5.5.32 CVEs
- 5.5.42 CVEs
- 5.5.52 CVEs
- 5.5.62 CVEs
- 5.6.0-M12 CVEs
- 5.6.0-M22 CVEs
- 5.6.0-M32 CVEs
- 5.6.0-RC12 CVEs
- 5.7.82 CVEs
- 5.7.92 CVEs
- 5.8.32 CVEs
- 6.0.32 CVEs
- 6.2.02 CVEs
- 6.2.0-M12 CVEs
- 6.2.0-M22 CVEs
- 6.2.0-RC12 CVEs
- 6.2.0-RC22 CVEs
- 6.3.02 CVEs
- 3.2.0.RELEASE1 CVE
- 3.2.1.RELEASE1 CVE
- 3.2.2.RELEASE1 CVE
- 3.2.3.RELEASE1 CVE
- 3.2.4.RELEASE1 CVE
- 3.2.5.RELEASE1 CVE
- 3.2.6.RELEASE1 CVE
- 3.2.7.RELEASE1 CVE
- 3.2.8.RELEASE1 CVE
- 3.2.9.RELEASE1 CVE
- 4.1.2.RELEASE1 CVE
- 4.1.3.RELEASE1 CVE
- 4.2.13.RELEASE1 CVE
- 4.2.14.RELEASE1 CVE
- 4.2.15.RELEASE1 CVE
- 5.0.12.RELEASE1 CVE
- 5.0.13.RELEASE1 CVE
- 5.0.14.RELEASE1 CVE
- 5.0.15.RELEASE1 CVE
- 5.1.5.RELEASE1 CVE
- 5.1.6.RELEASE1 CVE
- 5.1.7.RELEASE1 CVE
- 5.1.8.RELEASE1 CVE
- 5.1.9.RELEASE1 CVE
- 5.2.10.RELEASE1 CVE
- 5.2.9.RELEASE1 CVE
- 5.3.8.RELEASE1 CVE
- 5.3.9.RELEASE1 CVE
- 5.4.41 CVE
- 5.4.51 CVE
- 5.4.61 CVE
- 5.6.101 CVE
- 5.6.111 CVE
- 5.6.91 CVE
- 5.7.0-M11 CVE
- 5.7.0-M21 CVE
- 5.7.0-M31 CVE
- 5.7.0-RC11 CVE
- 5.7.101 CVE
- 5.8.51 CVE
- 5.8.61 CVE
- 6.0.0-M11 CVE
- 6.0.0-M21 CVE
- 6.0.0-M41 CVE
- 6.0.0-M51 CVE
- 6.0.0-M61 CVE
- 6.0.0-M71 CVE
- 6.0.0-RC11 CVE
- 6.0.0-RC21 CVE
- 6.0.51 CVE
- 6.0.61 CVE
- 6.1.0-M11 CVE
- 6.1.0-M21 CVE
- 6.1.0-RC11 CVE
- 6.1.21 CVE
- 6.1.31 CVE
- 6.1.61 CVE
- 6.2.11 CVE
- 6.3.0-M11 CVE
- 6.3.0-M21 CVE
- 6.3.0-M31 CVE
- 6.3.0-RC11 CVE
- 6.3.11 CVE
- 6.4.01 CVE
- 6.4.0-M11 CVE
- 6.4.0-M21 CVE
- 6.4.0-M31 CVE
- 6.4.0-M41 CVE
- 6.4.0-RC11 CVE
Version ranges
- <= 8.02 CVEs
- <= 8.0.8.2.02 CVEs
- <= 8.0.8.3.02 CVEs
- <= 1.14.01 CVE
- <= 11.2.01 CVE
- <= 11.3.01 CVE
- <= 20.1.01 CVE
- <= 7.4.11 CVE
- <= 8.0.251 CVE
- <= 8.5.0.01 CVE
- <= 8.5.0.11 CVE
- <= 8.5.0.21 CVE
- <= 8.5.5.01 CVE
- <= 8.5.5.11 CVE
- <= 8.5.5.21 CVE
- <= 8.5.5.31 CVE
- <= 8.5.5.41 CVE
- <= 8.5.5.51 CVE
- <= 8.5.5.61 CVE
- <= 8.5.5.71 CVE
- <= 8.5.5.81 CVE
- <= 8.5.5.91 CVE
- 8.2.0 <= v <= 8.2.4.01 CVE
Fixed in
- 53bc6a77963209bb2a5f3efdd855b1f4a8051cc36 CVEs
- acd131c3d1902c6422ae27fcd319d76fe7cafd3c6 CVEs
- 73b077790fcb04ac3712033d3e939daf422645455 CVEs
- 0a9d4dc8fc9d303dad7fc1ee25cc7381a98888993 CVEs
- 0686b461afdbfa2404b2248b8de4fef97561cace2 CVEs
- 24e925ef4d0bda1a7b656cf578e004febcf72a6f2 CVEs
- 60f44b347f4af4c56ba897723881ad5a40af0b232 CVEs
- a41278781d4d431197c17bb1e19230b7f387a8192 CVEs
- ada333710470ae07b7e96aef1efc87d06006882c2 CVEs
- c2d2914a4f02ce38a307530229f2704e8849fd222 CVEs
- d02ab505770f6405634d287ca409b448cc52d6882 CVEs
- 01c1c192d1cc893e24b8bbb082d62634ef15d7f11 CVE
- 0c54a55ae831c691449d4750abf5bc48cdbb6d961 CVE
- 16c350a7bcaec7218d96d42c743d748a243478f41 CVE
- 17d8293be1054a0b905e92b788a77c2dd6a300111 CVE
- 1e694b1304a801bc401aee15849130a5e0b702f81 CVE
- 2cc6cbdb77d761cdfc7d792bb2d772c2b9186e931 CVE
- 461f1f6b380f263ef0525ab28b188811b3dd72411 CVE
- 486c5118d218c4b94548e5ed8881d43089d1552d1 CVE
- 532e546355ee1adb22a6ec3ee05d04cc698d2b061 CVE
- 560fb35dc56104f6db0a4c60220af1d69afef0391 CVE
- 564a022ab6ad180daab86a68fcfa0a972ae132ef1 CVE
- 73e6ef2aceb15b4bb8cc1c49315deffb4ee20f921 CVE
- 7b61962915e3c452fe34230c5c5c354bd44bad3d1 CVE
- 7c17cfae367a1f4ac375a85f599abb3dff12c9f91 CVE
- 8f7e9c79c3beb14f7339409c9998f7a85f01d1a41 CVE
- 8fb44fe67980ef33dddb9ba3799d86edaf060fb81 CVE
- 974156d5fb2e05877ca3645b2afa483f1483c9d31 CVE
- 9bd793ffe65082f36305f6e285643fbb28f926e31 CVE
- abc523c063becc72de115cae9a6fa29d374ab5491 CVE
- b220d9aa875eb2933a59b1c2d9741adfa99b819b1 CVE
- b7212bd97510840b116c8a1ddf180cab7509d90c1 CVE
- d3d5836da4ebeffba0cd8f69396c1074acd65aa11 CVE
- d6eeafb10cbe7e96be5077a1b7cf0afee5f673f41 CVE
- dd5bfc0b3126a33c574354adf8d71fd4b34175ba1 CVE
- e41360b4a364744dbbf1afe25840cee26d466b371 CVE
- e75b210015650a6a044e25fecc597ed9f5bc22011 CVE
- ef78626045724492cf88b086873cc71d224483e71 CVE
- f154c7d9dcdebc690bf504b812db21a6d7148caf1 CVE
- ff3c560c532e51fc6d8837e276fd424370db16081 CVE
31 CVEs
- High · CVSS 8.1EPSS 0.1% (2th pct)2026-06-09
- Medium · CVSS 6.1EPSS 0.2% (11th pct)2026-06-09
- Medium · CVSS 5.3EPSS 0.1% (3th pct)2026-06-09
- Medium · CVSS 6.1EPSS 0.2% (7th pct)2026-06-09
- High · CVSS 7.6EPSS 0.2% (10th pct)2026-06-09
- High · CVSS 7.3EPSS 0.2% (10th pct)2026-06-09
- High · CVSS 7.5EPSS 0.3% (25th pct)2026-06-09
- High · CVSS 7.5EPSS 0.3% (18th pct)2026-04-22
- High · CVSS 7.5EPSS 0.2% (16th pct)2026-04-22
- Medium · CVSS 6.5EPSS 0.2% (10th pct)2026-04-22
- High · CVSS 8.1EPSS 0.3% (22th pct)2026-04-22
- Low · CVSS 3.7EPSS 0.2% (12th pct)2026-04-22
- Medium · CVSS 4.8EPSS 0.1% (3th pct)2026-04-21
- Critical · CVSS 9.1EPSS 0.5% (38th pct)2026-03-19
- High · CVSS 7.5EPSS 0.4% (35th pct)2024-08-20
- High · CVSS 7.4EPSS 0.7% (48th pct)2024-02-20
- Medium · CVSS 5.5EPSS 0.2% (12th pct)2024-02-05
- Critical · CVSS 9.8EPSS 3.5% (88th pct)2023-07-19
- High vulnerability · 2023-07-18CVE-2023-34035PatchHigh · CVSS 7.3EPSS 0.7% (47th pct)2023-07-18
- Medium · CVSS 6.3EPSS 0.6% (47th pct)2023-04-19
- Critical · CVSS 9.8EPSS 3.4% (88th pct)2022-10-31
- High vulnerability · 2022-10-31CVE-2022-31690PatchHigh · CVSS 8.1EPSS 1.0% (59th pct)2022-10-31
- Medium · CVSS 5.3EPSS 2.3% (81th pct)2022-05-19
- Critical · CVSS 9.8EPSS 10.7% (95th pct)2022-05-19
- High · CVSS 7.5EPSS 6.0% (93th pct)2021-06-29
- High vulnerability · 2021-02-23CVE-2021-22112PatchHigh · CVSS 8.8EPSS 3.2% (87th pct)2021-02-23
- Medium · CVSS 6.5EPSS 1.6% (73th pct)2020-05-14
- High · CVSS 7.3EPSS 1.4% (69th pct)2019-06-26
- Medium · CVSS 5.3EPSS 1.9% (77th pct)2019-04-09
- High vulnerability · 2017-11-27CVE-2017-4995PatchHigh · CVSS 8.1EPSS 2.5% (83th pct)2017-11-27
Showing 30 of 31
Common weakness types
The CWE weakness categories most often found in spring-projects spring-security CVEs. Follow any weakness for its full explanation.
- CWE-287Improper Authentication3 CVEs
- CWE-400Uncontrolled Resource Consumption2 CVEs
- CWE-601URL Redirection to Untrusted Site ('Open Redirect')2 CVEs
- CWE-284Improper Access Control2 CVEs
- CWE-208Observable Timing Discrepancy1 CVE
- CWE-297Improper Validation of Certificate with Host Mismatch1 CVE
- CWE-329Generation of Predictable IV with CBC Mode1 CVE
- CWE-281Improper Preservation of Permissions1 CVE
Disclosure activity by year
How many spring-projects spring-security CVEs were published each year.
Other spring-projects products
Browse vulnerabilities for other products by spring-projects.
Frequently asked questions
Common questions about spring-projects spring-security vulnerabilities.
- How many CVEs does spring-projects spring-security have?
- spring-projects spring-security has 31 published CVE records since 2017.
- How many spring-projects spring-security CVEs are in CISA KEV?
- None of spring-projects spring-security's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
- Are there public exploits for spring-projects spring-security vulnerabilities?
- No spring-projects spring-security CVEs currently have a tracked public exploit in this dataset.
- Which versions of spring-projects spring-security are affected?
- 295 distinct spring-projects spring-security versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
- What are the most common weakness types in spring-projects spring-security CVEs?
- spring-projects spring-security's CVEs most often map to these CWE weakness types: CWE-287 (Improper Authentication), CWE-400 (Uncontrolled Resource Consumption), CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')), CWE-284 (Improper Access Control).
- How many critical spring-projects spring-security vulnerabilities are there?
- spring-projects spring-security has 4 critical and 16 high-severity CVEs.
- What is the average severity of spring-projects spring-security CVEs?
- The average CVSS base score across spring-projects spring-security's scored CVEs is 7.2.
References
- All spring-projects vulnerabilities
- The MITRE CVE Program (opens in a new tab)
- Learn: What is a CVE?
- CWE directory: the weakness types these CVEs map to
Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.
Track spring-projects spring-security vulnerabilities
Monitor new spring-projects spring-security vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.