VYPR

Thymeleaf

by Thymeleaf

CVEs (4)

  • CVE-2026-41901 | Critical | May 12, 2026
    risk 0.59 | cvss 9.0 | epss 0.00

    Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although the library provides mechanisms to avoid the execution of potentially…

  • CVE-2026-40478 | Critical | Apr 17, 2026
    risk 0.59 | cvss 9.0 | epss 0.01

    Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it…

  • CVE-2026-40477 | Critical | Apr 17, 2026
    risk 0.59 | cvss 9.0 | epss 0.01

    Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it…

  • CVE-2023-38286 | Jul 14, 2023
    risk 0.00 | cvss | epss 0.01

    Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier…