pkg:Maven/org.springframework.security:spring-security-config

All known vulnerabilities

• CRITICAL9.1CVE-2023-34034Access Control Bypass in Spring Security
  >= 5.6.0, < 5.6.12
• HIGH7.5CVE-2026-22754Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules
  >= 7.0.0, < 7.0.5
• HIGH7.5CVE-2026-22753Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers
  >= 7.0.0, < 7.0.5
• HIGH7.3Spring Security's authorization rules can be misconfigured when using multiple servlets
  >= 5.8.0, < 5.8.5
• MEDIUM5.5Spring Security's spring-security.xsd file is world writable
  >= 6.1.1, < 6.1.4