Package impact
Maven / org.springframework.boot:spring-boot
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40976 | critical | 9.1 | 9.1 | 1mo ago | Spring Boot's default security filter chain has no authorization rule with Actuator but without Health | |||
| CVE-2026-40973 | high | 7.0 | 7.0 | 1mo ago | Spring Boot accepts predictable temp directory without ownership verification | |||
| CVE-2025-22235 | unknown | — | — | 1y ago | Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed | |||
| CVE-2022-27772 | unknown | — | — | 4y ago | Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot | |||
| CVE-2018-1196 | unknown | — | — | 8y ago | Moderate severity vulnerability that affects org.springframework.boot:spring-boot |