Package impact
Maven / org.springframework:spring-webflux
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-22740 | medium | 6.5 | 6.5 | 29d ago | Spring Framework DoS with Multipart Temp Files in WebFlux | |
| CVE-2026-22745 | medium | 5.3 | 5.3 | 29d ago | Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources | |
| CVE-2026-22741 | low | 3.1 | 3.1 | 29d ago | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. | |
| CVE-2022-22965 | unknown | — | 1.5 | 4y ago | Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | |
| CVE-2026-22735 | unknown | — | — | 2mo ago | Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16,… | |
| CVE-2026-22737 | unknown | — | — | 2mo ago | Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations … | |
| CVE-2024-38819 | unknown | — | — | 1y ago | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain … | |
| CVE-2024-38816 | unknown | — | — | 2y ago | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain … | |
| CVE-2020-5397 | unknown | — | — | 6y ago | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) … | |
| CVE-2020-5398 | unknown | — | — | 6y ago | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it … |