Every unpatched CVE is a risk. Fix them all now.
| Severity | Product | Component | Category | Affected versions | Date |
| --- | --- | --- | --- | --- | --- |
| Medium | Ingress NGINX | github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency | Denial of Service | <v0.0.0-20240729232818-a2a9c4f76ef5 (and Ingress NGINX builds that ship an earlier gomarkdown) | Apr 29, 2026 |
| High | Ingress NGINX | github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency | Denial of Service | <v0.0.0-20260411013819-759bbc3e3207 (and Ingress NGINX builds that ship an earlier gomarkdown) | Apr 29, 2026 |
| Medium | Ingress NGINX | Go (golang) standard library, os.Root API; reaches Ingress NGINX Controller via the Go toolchain it is built with | Improper Link Resolution Before File Access ('Link Following') | Go <1.25.9 and 1.26.0 through 1.26.1 (and Ingress NGINX builds compiled with them) | Apr 29, 2026 |
| High | Ingress NGINX | Helm (Kubernetes package manager), helm.sh/helm/v4; reaches Ingress NGINX Controller via the bundled Helm dependency | Improper Verification of Cryptographic Signature | Helm 4.0.0 through 4.1.3 (and Ingress NGINX builds that ship them) | Apr 29, 2026 |
| High | Ingress NGINX | Helm (Kubernetes package manager), helm.sh/helm/v4; reaches Ingress NGINX Controller via the bundled Helm dependency | Path Traversal | Helm 4.0.0 through 4.1.3 (and Ingress NGINX builds that ship them) | Apr 29, 2026 |
| Medium | Spring | Spring Boot | Path Traversal | >=1.0.2 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5 | Apr 27, 2026 |
| Medium | Spring | Spring Boot | Information Exposure | >=1.0.0 <=3.5.13, >=4.0.0 <=4.0.5 | Apr 27, 2026 |
| High | Spring | Spring Boot | Incorrectly Configured Access Control | >=2.7.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5 | Apr 27, 2026 |
| High | Spring | Spring Boot | Information Exposure | >=1.3.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5 | Apr 27, 2026 |
| Medium | Spring | Spring Boot | Incorrectly Configured Access Control | >=1.3.0 <=2.7.32, >=3.0.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5 | Apr 25, 2026 |
Ensuring Full Compliance and Security
Never-Ending Support ensures your end-of-life open-source software stays fully compliant with industry standards like HIPAA, PCI, SOC2 and FedRAMP. With ongoing security updates and a commitment to audit readiness, you can rest easy knowing your systems remain compliant, secure, and ready for any inspection.
Trusted by 900+ Companies, 8,000+ Developers
“From the very first point of contact, working with HeroDevs has been an exceptional experience... The option to install EOL Support, rather than undertaking a full internal migration, has saved us significant time, money, and frustrations.”
UI/UX Engineering Manager
Frequently Asked Questions
Get answers to some of our most commonly asked questions.
Of course, if you can't find the answer you're looking for, feel free to contact us.
How are licenses tracked? Do you install a license server?
Do you offer discounts for nonprofits, open source companies, or educational institutions?
How hard is it to get this through our InfoSec and Legal procurement process?
Do I pay extra for development, staging, etc. environments?
How does intellectual property for NES libraries work?
Do you have multi-year license options?
What does a license cover?
What happens if team members leave or join after we’ve purchased licenses?
What makes onboarding so easy?