pkg:Debian/libspring-java

56 total CVEs: CRITICAL 4, HIGH 15, MEDIUM 21, LOW 3

All known vulnerabilities

  • [CRITICAL 9.8] CVE-2022-22965 (⚠ KEV): Remote Code Execution in Spring Framework
    from 0
  • [CRITICAL 9.8] CVE-2016-1000027: Pivotal Spring Framework contains unsafe Java deserialization methods
    from 0, < 4.2.7-1
  • [CRITICAL 9.8] CVE-2018-1270: Spring Framework allows applications to expose STOMP over WebSocket endpoints
    from 0, < 4.3.19-1
  • [CRITICAL 9.1] CVE-2023-20860: Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
    from 0
  • [HIGH 8.8] CVE-2014-0225: Improper Restriction of XML External Entity Reference in Spring Framework
    from 0, < 3.0.6.RELEASE-14
  • [HIGH 8.6] CVE-2015-5211: Files or Directories Accessible to External Parties in org.springframework:spring-core
    from 0, < 4.1.9-1
  • [HIGH 8.1] CVE-2024-22262: Spring Framework URL Parsing with Host Validation
    from 0
  • [HIGH 8.1] CVE-2024-22259: Spring Framework URL Parsing with Host Validation Vulnerability
    from 0
  • [HIGH 8.1] CVE-2024-22243: Spring Web vulnerable to Open Redirect or Server Side Request Forgery
    from 0
  • [HIGH 7.5] CVE-2025-41249: Spring Framework annotation detection mechanism may result in improper authorization
    from 0
  • [HIGH 7.5] CVE-2024-38819: Spring Framework Path Traversal vulnerability
    from 0
  • [HIGH 7.5] CVE-2024-38816: Path traversal vulnerability in functional web frameworks
    from 0
  • [HIGH 7.5] CVE-2023-20863: Spring Framework vulnerable to denial of service
    from 0
  • [HIGH 7.5] CVE-2022-22970: Denial of service in Spring Framework
    from 0
  • [HIGH 7.5] CVE-2022-22968: Improper handling of case sensitivity in Spring Framework
    from 0
  • [HIGH 7.5] CVE-2018-15756: Denial of Service in Spring Framework
    from 0, < 4.3.21-1
  • [HIGH 7.5] CVE-2016-5007: Spring Security and Spring Framework may not recognize certain paths that should be protected
    from 0, < 4.3.2-1
  • [HIGH 7.5] CVE-2018-1272: Possible privilege escalation in org.springframework:spring-core
    from 0, < 4.3.19-1
  • [HIGH 7.5] CVE-2016-9878: Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
    from 0, < 4.3.5-1
  • [MEDIUM 6.5] CVE-2023-20861: Spring Framework vulnerable to denial of service via specially crafted SpEL expression
    from 0
  • [MEDIUM 6.5] CVE-2022-22971: Allocation of Resources Without Limits or Throttling in Spring Framework
    from 0
  • [MEDIUM 6.5] CVE-2022-22950: Allocation of Resources Without Limits or Throttling in Spring Framework
    from 0
  • [MEDIUM 6.5] CVE-2020-5421: Improper Input Validation in Spring Framework
    from 0, < 4.3.30-1
  • [MEDIUM 6.5] CVE-2018-1257: Denial of Service in org.springframework:spring-core
    from 0, < 4.3.19-1
  • [MEDIUM 6.3] CVE-2024-38807: Signature forgery in Spring Boot's Loader
    from 0
  • [MEDIUM 5.9] CVE-2026-22737: Spring Framework Improper Path Limitation with Script View Templates
    from 0
  • [MEDIUM 5.9] CVE-2025-41242: Spring Framework MVC Applications Path Traversal Vulnerability
    from 0
  • [MEDIUM 5.9] CVE-2018-11040: Moderate severity vulnerability that affects org.springframework:spring-core
    from 0, < 4.3.19-1
  • [MEDIUM 5.9] CVE-2018-11039: libspring-java - security update
    from 0, < 4.3.5-1+deb9u1
  • [MEDIUM 5.9] CVE-2018-11039: libspring-java - security update
    from 0, < 4.3.19-1
  • [MEDIUM 5.5] CVE-2015-3192: Pivotal Spring Framework DoS Attack with XML Input
    from 0, < 4.1.9-1
  • [MEDIUM 5.4] CVE-2013-6430: Improper Neutralization of Input During Web Page Generation in Spring Framework
    from 0, < 3.0.6.RELEASE-11
  • [MEDIUM 5.3] CVE-2024-38828: Spring MVC controller vulnerable to a DoS attack
    from 0
  • [MEDIUM 5.3] CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
    from 0
  • [MEDIUM 5.3] CVE-2024-38809: Spring Framework DoS via conditional HTTP request
    from 0
  • [MEDIUM 5.3] CVE-2018-1199: Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core, and org.springframework:spring-core
    from 0, < 4.3.14-1
  • [MEDIUM 4.3] CVE-2025-41254: Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages
    from 0
  • [MEDIUM 4.3] CVE-2024-38808: Spring Framework vulnerable to Denial of Service
    from 0
  • [MEDIUM 4.3] CVE-2021-22096: Improper Output Neutralization for Logs in Spring Framework
    from 0
  • [MEDIUM 4.3] CVE-2021-22060: Log entry injection in Spring Framework
    from 0
  • [LOW 3.7] CVE-2024-38829: Spring LDAP data exposure vulnerability
    from 0
  • [LOW 3.1] CVE-2025-22233: Spring Framework DataBinder Case Sensitive Match Exception
    from 0
  • [LOW 2.6] CVE-2026-22735: Spring MVC and WebFlux has Server Sent Event stream corruption
    from 0
  • [NONE 0.0] CVE-2026-22741: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
    from 0
  • [NONE 0.0] CVE-2026-22740: Spring Framework DoS with Multipart Temp Files in WebFlux
    from 0
  • CVE-2014-1904: Improper Neutralization of Input During Web Page Generation in Spring Framework
    from 0, < 3.0.6.RELEASE-13
  • CVE-2014-3578: libspring-java - security update
    from 0, < 3.0.6.RELEASE-17+deb8u1
  • CVE-2014-3578: libspring-java - security update
    from 0, < 3.2.13-1
  • CVE-2014-3625: Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
    from 0, < 3.2.13-1
  • CVE-2013-6429: libspring-java - several
    from 0, < 3.0.6.RELEASE-11
  • CVE-2013-6429: libspring-java - several
    from 0, < 3.0.6.RELEASE-6+deb7u2
  • CVE-2013-4152: libspring-java - several
    from 0, < 3.0.6.RELEASE-10
  • CVE-2013-4152: libspring-java - several
    from 0, < 3.0.6.RELEASE-6+deb7u1
  • CVE-2014-0054: libspring-java - security update
    from 0, < 3.0.6.RELEASE-13
  • CVE-2013-7315: Missing XML Validation in Spring Framework
    from 0, < 3.0.6.RELEASE-10
  • CVE-2014-0054: libspring-java - security update
    from 0, < 3.0.6.RELEASE-6+deb7u3