VYPR

Maven package

org.springframework.security/spring-security-oauth2-jose

pkg:maven/org.springframework.security/spring-security-oauth2-jose

Vulnerabilities (2)

  • CVE-2026-22748 · Med · Apr 22, 2026
    affected >= 6.3.0, <= 6.3.14

    Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.

  • CVE-2018-15801 · Dec 19, 2018
    affected >= 5.1.0, < 5.1.2 · fixed 5.1.2

    Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could f