pkg:Maven/org.springframework.security:spring-security-web

All known vulnerabilities

• CRITICAL9.8CVE-2022-22978Authorization bypass in Spring Security
  >= 5.5.0, < 5.5.7
• CRITICAL9.1CVE-2026-22732Spring Security HTTP Headers Are not Written Under Some Conditions
  from 0, <= 5.7.14
• CRITICAL9.1CVE-2024-38821Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
  from 0, < 5.7.13
• HIGH8.8Privilege escalation in spring security
  >= 5.4.0, < 5.4.4
• MEDIUM6.8Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
  >= 7.0.0, < 7.0.5