VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.springframework.security:spring-security-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-4995 high 8.1 8.1 9y ago Deserialization of Untrusted Data in Spring Security javavmware
CVE-2016-5007 high 7.5 7.5 9y ago Spring Security and Spring Framework may not recognize certain paths that should be protected debianjavavmware
CVE-2016-9879 high 7.5 7.5 10y ago Security Constraint Bypass in Spring Security javavmwareibm
CVE-2014-0097 high 7.3 7.3 9y ago Improper Authentication in Spring Security debianjavavmware
CVE-2026-22746 low 2.5 1mo ago Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider java
CVE-2025-22234 unknown 4mo ago Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide java
CVE-2025-41248 unknown 8mo ago Spring Security annotation detection mechanism has authorization bypass java
CVE-2025-41232 unknown 1y ago Spring Security authorization bypass for method security annotations on private methods java
CVE-2025-22223 unknown 1y ago Spring Security Vulnerable to Authorization Bypass via Security Annotations java
CVE-2024-38827 unknown 2y ago Spring Framework has Authorization Bypass for Case Sensitive Comparisons java
CVE-2024-38810 unknown 2y ago Spring Security Missing Authorization vulnerability java
CVE-2024-22257 unknown 2y ago Erroneous authentication pass in Spring Security java
CVE-2024-22234 unknown 2y ago Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated java
CVE-2023-20862 unknown 3y ago Spring Security logout not clearing security context java
CVE-2022-31692 unknown 4y ago Spring Security authorization rules can be bypassed via forward or include dispatcher types java
CVE-2022-22978 unknown 4y ago Authorization bypass in Spring Security java
CVE-2022-22976 unknown 4y ago Integer overflow in BCrypt class in Spring Security java
CVE-2021-22119 unknown 5y ago Resource Exhaustion in Spring Security java
CVE-2020-5408 unknown 6y ago Insufficient Entropy in Spring Security java
CVE-2020-5407 unknown 6y ago Signature wrapping vulnerability in Spring Security java
CVE-2019-11272 unknown 7y ago Insufficiently Protected Credentials and Improper Authentication in Spring Security java
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values java
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass java
CVE-2018-1199 unknown 8y ago Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core debianjava