Package impact

Maven / org.springframework:spring-webmvc

CVE	Severity	CVSS	Risk	Published	Description
CVE-2014-0054	medium	—	6.8	12y ago	Cross-Site Request Forgery in Spring Framework
CVE-2026-22745	medium	5.3	5.3	29d ago	Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
CVE-2014-3625	medium	—	5.0	12y ago	Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspeci…
CVE-2014-1904	medium	—	4.3	12y ago	Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary …
CVE-2022-22965	unknown	—	1.5	4y ago	Remote Code Execution in Spring Framework
CVE-2026-22737	unknown	—	—	2mo ago	Spring Framework Improper Path Limitation with Script View Templates
CVE-2026-22735	unknown	—	—	2mo ago	Spring MVC and WebFlux has Server Sent Event stream corruption
CVE-2023-20860	unknown	—	—	3y ago	Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
CVE-2020-5397	unknown	—	—	6y ago	CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux