CVE-2014-3527 | critical | 9.8 | 9.8 | 9y ago | Authorization Bypass in Spring Security | java
CVE-2017-4995 | high | 8.1 | 8.1 | 9y ago | Deserialization of Untrusted Data in Spring Security | java
CVE-2016-5007 | high | 7.5 | 7.5 | 9y ago | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Diffe… | debian java
CVE-2016-9879 | high | 7.5 | 7.5 | 10y ago | Security Constraint Bypass in Spring Security | java
CVE-2014-0097 | high | 7.3 | 7.3 | 9y ago | The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentic… | debian java
CVE-2011-2894 | medium | — | 6.8 | 15y ago | Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data | java
CVE-2011-2731 | medium | — | 5.1 | 14y ago | Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security | java
CVE-2012-5055 | medium | — | 5.0 | 14y ago | Exposure of Sensitive Information to an Unauthorized Actor in Spring Security | java
CVE-2010-3700 | medium | — | 5.0 | 16y ago | Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security | java
CVE-2026-22751 | medium | 4.8 | 4.8 | 1mo ago | Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured | java
CVE-2011-2732 | medium | — | 4.3 | 14y ago | Improper Control of Generation of Code in Spring Security | java
CVE-2026-22746 | low | — | 2.5 | 1mo ago | Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider | java
CVE-2025-22234 | unknown | — | — | 4mo ago | Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvider | java
CVE-2025-41248 | unknown | — | — | 8mo ago | Spring Security annotation detection mechanism has authorization bypass | java
CVE-2025-41232 | unknown | — | — | 1y ago | Spring Security authorization bypass for method security annotations on private methods | java
CVE-2025-22223 | unknown | — | — | 1y ago | Spring Security Vulnerable to Authorization Bypass via Security Annotations | java
CVE-2024-38827 | unknown | — | — | 2y ago | Spring Framework has Authorization Bypass for Case Sensitive Comparisons | java
CVE-2024-38810 | unknown | — | — | 2y ago | Spring Security Missing Authorization vulnerability | java
CVE-2024-22257 | unknown | — | — | 2y ago | Erroneous authentication pass in Spring Security | java
CVE-2024-22234 | unknown | — | — | 2y ago | Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated | java
CVE-2023-20862 | unknown | — | — | 3y ago | Spring Security logout not clearing security context | java
CVE-2022-31692 | unknown | — | — | 4y ago | Spring Security authorization rules can be bypassed via forward or include dispatcher types | java
CVE-2022-22978 | unknown | — | — | 4y ago | Authorization bypass in Spring Security | java
CVE-2022-22976 | unknown | — | — | 4y ago | Integer overflow in BCrypt class in Spring Security | java
CVE-2021-22119 | unknown | — | — | 5y ago | Resource Exhaustion in Spring Security | java
CVE-2020-5408 | unknown | — | — | 6y ago | Insufficient Entropy in Spring Security | java
CVE-2020-5407 | unknown | — | — | 6y ago | Signature wrapping vulnerability in Spring Security | java
CVE-2019-11272 | unknown | — | — | 7y ago | Insufficiently Protected Credentials and Improper Authentication in Spring Security | java
CVE-2019-3795 | unknown | — | — | 7y ago | Spring Security uses insufficiently random values | java
CVE-2018-15801 | unknown | — | — | 8y ago | Spring Security vulnerable to Authorization Bypass | java
CVE-2018-1199 | unknown | — | — | 8y ago | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters… | debian java