pkg:Maven/org.springframework.boot:spring-boot

All known vulnerabilities

• CRITICAL9.1CVE-2026-40976Spring Boot's default security filter chain has no authorization rule with Actuator but without Health
  >= 4.0.0, < 4.0.6
• HIGH7.8CVE-2022-27772Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
  from 0, < 2.2.11.RELEASE
• HIGH7.3CVE-2025-22235Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed
  from 0, <= 2.7.24.2
• HIGH7.0Spring Boot accepts predictable temp directory without ownership verification
  >= 4.0.0, < 4.0.6
• MEDIUM5.9Moderate severity vulnerability that affects org.springframework.boot:spring-boot
  >= 1.5.0, < 1.5.10