Package impact

Maven / org.springframework:spring-webmvc

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2014-0054	medium	—	6.8				12y ago	Cross-Site Request Forgery in Spring Framework
CVE-2026-22745	medium	5.3	5.3				29d ago	Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
CVE-2014-3625	medium	—	5.0				12y ago	Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
CVE-2014-1904	medium	—	4.3				12y ago	Improper Neutralization of Input During Web Page Generation in Spring Framework
CVE-2026-22741	low	3.1	3.1				29d ago	Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
CVE-2022-22965	unknown	—	2.5				4y ago	Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
CVE-2026-22737	unknown	—	—				2mo ago	Spring Framework Improper Path Limitation with Script View Templates
CVE-2026-22735	unknown	—	—				2mo ago	Spring MVC and WebFlux has Server Sent Event stream corruption
CVE-2025-41242	unknown	—	—				9mo ago	Spring Framework MVC Applications Path Traversal Vulnerability
CVE-2024-38819	unknown	—	—				2y ago	Spring Framework Path Traversal vulnerability
CVE-2024-38828	unknown	—	—				2y ago	Spring MVC controller vulnerable to a DoS attack
CVE-2024-38816	unknown	—	—				2y ago	Path traversal vulnerability in functional web frameworks
CVE-2023-34053	unknown	—	—				3y ago	Spring Framework vulnerable to denial of service
CVE-2023-20860	unknown	—	—				3y ago	Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
CVE-2020-5397	unknown	—	—				6y ago	CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
CVE-2020-5398	unknown	—	—				6y ago	RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application