Maven package
org.thymeleaf/thymeleaf-spring6
pkg:maven/org.thymeleaf/thymeleaf-spring6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41901 | Cri | 9.0 | | < 3.1.5.RELEASE | 3.1.5.RELEASE | May 12, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially |
| CVE-2026-40478 | Cri | 9.0 | | < 3.1.4.RELEASE | 3.1.4.RELEASE | Apr 17, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it f |
| CVE-2026-40477 | Cri | 9.0 | | < 3.1.4.RELEASE | 3.1.4.RELEASE | Apr 17, 2026 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails |