VYPR
Vendor: Spring Projects

Products: 54
CVEs: 116 (115 across products)
Status: Private

Recent CVEs (116)
  • CVE-2024-22263 | High | Jun 19, 2024
    risk 0.63 | cvss 8.8 | epss 0.18

    Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to…

  • CVE-2026-47825 | High | Jun 15, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway…

  • CVE-2026-40999 | High | Jun 11, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to…

  • CVE-2026-41700 | High | Jun 11, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker can trick an authenticated user into visiting a malicious page, allowing the attacker to execute arbitrary GraphQL operations with the victim's…

  • CVE-2026-41699 | High | Jun 11, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Execution when the application exposes a paginated (Connection) field and the…

  • CVE-2026-40998 | High | Jun 11, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath…

  • CVE-2026-41732 | High | Jun 10, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a…

  • CVE-2026-41729 | High | Jun 10, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded…

  • CVE-2026-41717 | High | Jun 10, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. Affected versions: Spring…

  • CVE-2026-41855 | High | Jun 9, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class…

  • CVE-2026-2818 | High | Feb 20, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

  • CVE-2017-3203 | High | Jun 11, 2018
    risk 0.53 | cvss 8.1 | epss 0.06

    The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI…

  • CVE-2025-41232 | Critical | May 21, 2025
    risk 0.52 | cvss 9.1 | epss 0.01

    Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and…

  • CVE-2024-38821 | Critical | Oct 28, 2024
    risk 0.52 | cvss 9.1 | epss 0.02

    Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true: * It must be a WebFlux application * It must be using Spring's…

  • CVE-2026-47835 | High | Jun 15, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected…

  • CVE-2026-41708 | High | Jun 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX…

  • CVE-2026-41856 | High | Jun 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security…

  • CVE-2026-41728 | High | Jun 10, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0…

  • CVE-2026-41716 | High | Jun 10, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Data Commons 2.7.0 through 2.7.19; 3.3.0 through 3.3.16; 3.4.0 through 3.4.14;…

  • CVE-2026-41695 | High | Jun 10, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through…