pkg:Maven/org.springframework:spring-webmvc

18 total CVEs: CRITICAL 2, HIGH 6, MEDIUM 5, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-22965 ⚠ KEV: Remote Code Execution in Spring Framework
    from 0, < 5.2.20.RELEASE
  • CRITICAL 9.1 CVE-2023-20860: Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
    >= 6.0.0, < 6.0.7
  • HIGH 8.8 CVE-2014-0225: Improper Restriction of XML External Entity Reference in Spring Framework
    >= 4.0.0, < 4.0.5
  • HIGH 7.5 CVE-2024-38819: Spring Framework Path Traversal vulnerability
    >= 6.1.0, < 6.1.14
  • HIGH 7.5 CVE-2024-38816: Path traversal vulnerability in functional web frameworks
    >= 6.1.0, < 6.1.13
  • HIGH 7.5 CVE-2023-34053: Spring Framework vulnerable to denial of service
    >= 6.0.0, < 6.0.14
  • HIGH 7.5 CVE-2020-5398: RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
    >= 5.2.0.RELEASE, < 5.2.3.RELEASE
  • HIGH 7.5 CVE-2016-9878: Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
    from 0, < 3.2.18
  • MEDIUM 5.9 CVE-2026-22737: Spring Framework Improper Path Limitation with Script View Templates
    >= 7.0.0-M1, < 7.0.6
  • MEDIUM 5.9 CVE-2025-41242: Spring Framework MVC Applications Path Traversal Vulnerability
    >= 6.2.0, < 6.2.10
  • MEDIUM 5.3 CVE-2026-22745: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources
    >= 7.0.0, < 7.0.7
  • MEDIUM 5.3 CVE-2024-38828: Spring MVC controller vulnerable to a DoS attack
    >= 5.3.0, < 5.3.42
  • MEDIUM 5.3 CVE-2020-5397: CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux
    >= 5.2.0, < 5.2.3
  • LOW 2.6 CVE-2026-22735: Spring MVC and WebFlux has Server Sent Event stream corruption
    >= 7.0.0-M1, < 7.0.6
  • NONE 0.0 CVE-2026-22741: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
    >= 7.0.0, < 7.0.7
  • CVE-2014-1904: Improper Neutralization of Input During Web Page Generation in Spring Framework
    >= 3.0.0, < 3.2.8.RELEASE
  • CVE-2014-3625: Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
    >= 3.0.4, < 3.2.12
  • CVE-2014-0054: libspring-java - security update
    from 0, < 3.2.8