Package impact
Maven / org.springframework.security:spring-security-config
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22753 | high | — | 8.0 | 1mo ago | Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers | |||
| CVE-2026-22754 | high | — | 8.0 | 1mo ago | Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules | |||
| CVE-2023-34042 | unknown | — | — | 2y ago | Spring Security's spring-security.xsd file is world writable | |||
| CVE-2023-34034 | unknown | — | — | 3y ago | Access Control Bypass in Spring Security | |||
| CVE-2023-34035 | unknown | — | — | 3y ago | Spring Security's authorization rules can be misconfigured when using multiple servlets |