CVE-2014-3527 critical 9.8
9.8
9y ago
Authorization Bypass in Spring Security
java vmware
CVE-2011-2894 medium —
6.8
15y ago
Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
java vmware
CVE-2011-2731 medium —
5.1
14y ago
Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
java vmware
CVE-2012-5055 medium —
5.0
14y ago
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
java vmware
CVE-2010-3700 medium —
5.0
16y ago
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
java vmware ibm
CVE-2026-22751 medium 4.8
4.8
1mo ago
Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
java vmware
CVE-2011-2732 medium —
4.3
14y ago
Improper Control of Generation of Code in Spring Security
java vmware
CVE-2026-22746 low —
2.5
1mo ago
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
java
CVE-2025-22234 unknown —
—
4mo ago
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
java
CVE-2025-41248 unknown —
—
8mo ago
Spring Security annotation detection mechanism has authorization bypass
java
CVE-2025-41232 unknown —
—
1y ago
Spring Security authorization bypass for method security annotations on private methods
java
CVE-2025-22223 unknown —
—
1y ago
Spring Security Vulnerable to Authorization Bypass via Security Annotations
java
CVE-2024-38827 unknown —
—
2y ago
Spring Framework has Authorization Bypass for Case Sensitive Comparisons
java
CVE-2024-38810 unknown —
—
2y ago
Spring Security Missing Authorization vulnerability
java
CVE-2024-22257 unknown —
—
2y ago
Erroneous authentication pass in Spring Security
java
CVE-2024-22234 unknown —
—
2y ago
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
java
CVE-2023-20862 unknown —
—
3y ago
Spring Security logout not clearing security context
java
CVE-2022-31692 unknown —
—
4y ago
Spring Security authorization rules can be bypassed via forward or include dispatcher types
java
CVE-2022-22978 unknown —
—
4y ago
Authorization bypass in Spring Security
java
CVE-2022-22976 unknown —
—
4y ago
Integer overflow in BCrypt class in Spring Security
java
CVE-2021-22119 unknown —
—
5y ago
Resource Exhaustion in Spring Security
java
CVE-2020-5408 unknown —
—
6y ago
Insufficient Entropy in Spring Security
java
CVE-2020-5407 unknown —
—
6y ago
Signature wrapping vulnerability in Spring Security
java
CVE-2019-11272 unknown —
—
7y ago
Insufficiently Protected Credentials and Improper Authentication in Spring Security
java
CVE-2019-3795 unknown —
—
7y ago
Spring Security uses insufficiently random values
java
CVE-2018-15801 unknown —
—
8y ago
Spring Security vulnerable to Authorization Bypass
java
CVE-2018-1199 unknown —
—
8y ago
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
debian java