HIGH 8.8 CVE-2018-1258 Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
>= 5.0.5.RELEASE, < 5.0.6.RELEASE
HIGH 8.6 CVE-2015-5211 Files or Directories Accessible to External Parties in org.springframework:spring-core
>= 4.2.0, < 4.2.2
HIGH 7.5 CVE-2025-41249 Spring Framework annotation detection mechanism may result in improper authorization
>= 5.3.0, <= 5.3.44
HIGH 7.5 Spring Framework server Web DoS Vulnerability
>= 6.1.2, < 6.1.3
HIGH 7.5 Denial of Service in Spring Framework
>= 5.1.0.RELEASE, < 5.1.1.RELEASE
HIGH 7.5 Spring Security and Spring Framework may not recognize certain paths that should be protected
from 0, < 4.3.1
HIGH 7.5 Possible privilege escalation in org.springframework:spring-core
from 0, < 4.3.15
MEDIUM 6.5 Denial of Service in org.springframework:spring-core
>= 5.0.0, < 5.0.6
MEDIUM 5.9 Path Traversal in org.springframework:spring-core
>= 5.0.0, < 5.0.5
MEDIUM 5.9 Moderate severity vulnerability that affects org.springframework:spring-core
>= 5.0.0.RELEASE, < 5.0.7.RELEASE
MEDIUM 5.3 Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
>= 4.3.0, < 4.3.14
MEDIUM 4.3 Improper Output Neutralization for Logs in Spring Framework
>= 5.3.0, < 5.3.11
MEDIUM 4.3 Log entry injection in Spring Framework
>= 5.3.0, < 5.3.14
— libspring-2.5-java - information disclosure
>= 3.0.0, < 3.0.6
— Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
>= 3.0.0, < 3.0.6
— libspring-java - security update
>= 3.0.0, < 3.2.9
— Spring Framework Inefficient Regular Expression Complexity
>= 1.1.0, < 3.0.0.RELEASE
— Moderate severity vulnerability that affects org.springframework:spring-core
>= 4.1.0, < 4.1.5