Package impact

Maven / org.springframework.security:spring-security-core

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2014-3527	critical	9.8	9.8	9y ago	Authorization Bypass in Spring Security
CVE-2026-22746	low	—	2.5	1mo ago	Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
CVE-2025-22234	unknown	—	—	4mo ago	Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
CVE-2025-41248	unknown	—	—	8mo ago	Spring Security annotation detection mechanism has authorization bypass
CVE-2025-41232	unknown	—	—	1y ago	Spring Security authorization bypass for method security annotations on private methods
CVE-2025-22223	unknown	—	—	1y ago	Spring Security Vulnerable to Authorization Bypass via Security Annotations
CVE-2024-38827	unknown	—	—	2y ago	Spring Framework has Authorization Bypass for Case Sensitive Comparisons
CVE-2024-38810	unknown	—	—	2y ago	Spring Security Missing Authorization vulnerability
CVE-2024-22257	unknown	—	—	2y ago	Erroneous authentication pass in Spring Security
CVE-2024-22234	unknown	—	—	2y ago	Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
CVE-2023-20862	unknown	—	—	3y ago	Spring Security logout not clearing security context
CVE-2022-31692	unknown	—	—	4y ago	Spring Security authorization rules can be bypassed via forward or include dispatcher types
CVE-2022-22978	unknown	—	—	4y ago	Authorization bypass in Spring Security
CVE-2022-22976	unknown	—	—	4y ago	Integer overflow in BCrypt class in Spring Security
CVE-2021-22119	unknown	—	—	5y ago	Resource Exhaustion in Spring Security
CVE-2020-5408	unknown	—	—	6y ago	Insufficient Entropy in Spring Security
CVE-2020-5407	unknown	—	—	6y ago	Signature wrapping vulnerability in Spring Security
CVE-2019-11272	unknown	—	—	7y ago	Insufficiently Protected Credentials and Improper Authentication in Spring Security
CVE-2019-3795	unknown	—	—	7y ago	Spring Security uses insufficiently random values
CVE-2018-15801	unknown	—	—	8y ago	Spring Security vulnerable to Authorization Bypass
CVE-2018-1199	unknown	—	—	8y ago	Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core