| CVE-2014-3527 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Authorization Bypass in Spring Security |
| CVE-2017-4995 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
Deserialization of Untrusted Data in Spring Security |
| CVE-2016-5007 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Spring Security and Spring Framework may not recognize certain paths that should be protected |
| CVE-2016-9879 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Security Constraint Bypass in Spring Security |
| CVE-2014-0097 |
high |
7.3 |
7.3 |
|
|
|
9y ago |
Improper Authentication in Spring Security |
| CVE-2026-22746 |
low |
— |
2.5 |
|
|
|
1mo ago |
Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider |
| CVE-2025-22234 |
unknown |
— |
— |
|
|
|
4mo ago |
Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide |
| CVE-2025-41248 |
unknown |
— |
— |
|
|
|
8mo ago |
Spring Security annotation detection mechanism has authorization bypass |
| CVE-2025-41232 |
unknown |
— |
— |
|
|
|
1y ago |
Spring Security authorization bypass for method security annotations on private methods |
| CVE-2025-22223 |
unknown |
— |
— |
|
|
|
1y ago |
Spring Security Vulnerable to Authorization Bypass via Security Annotations |
| CVE-2024-38827 |
unknown |
— |
— |
|
|
|
2y ago |
Spring Framework has Authorization Bypass for Case Sensitive Comparisons |
| CVE-2024-38810 |
unknown |
— |
— |
|
|
|
2y ago |
Spring Security Missing Authorization vulnerability |
| CVE-2024-22257 |
unknown |
— |
— |
|
|
|
2y ago |
Erroneous authentication pass in Spring Security |
| CVE-2024-22234 |
unknown |
— |
— |
|
|
|
2y ago |
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated |
| CVE-2023-20862 |
unknown |
— |
— |
|
|
|
3y ago |
Spring Security logout not clearing security context |
| CVE-2022-31692 |
unknown |
— |
— |
|
|
|
4y ago |
Spring Security authorization rules can be bypassed via forward or include dispatcher types |
| CVE-2022-22978 |
unknown |
— |
— |
|
|
|
4y ago |
Authorization bypass in Spring Security |
| CVE-2022-22976 |
unknown |
— |
— |
|
|
|
4y ago |
Integer overflow in BCrypt class in Spring Security |
| CVE-2021-22119 |
unknown |
— |
— |
|
|
|
5y ago |
Resource Exhaustion in Spring Security |
| CVE-2020-5408 |
unknown |
— |
— |
|
|
|
6y ago |
Insufficient Entropy in Spring Security |
| CVE-2020-5407 |
unknown |
— |
— |
|
|
|
6y ago |
Signature wrapping vulnerability in Spring Security |
| CVE-2019-11272 |
unknown |
— |
— |
|
|
|
7y ago |
Insufficiently Protected Credentials and Improper Authentication in Spring Security |
| CVE-2019-3795 |
unknown |
— |
— |
|
|
|
7y ago |
Spring Security uses insufficiently random values |
| CVE-2018-15801 |
unknown |
— |
— |
|
|
|
8y ago |
Spring Security vulnerable to Authorization Bypass |
| CVE-2018-1199 |
unknown |
— |
— |
|
|
|
8y ago |
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core |