Every unpatched CVE is a risk. Fix them all now.
Severity | Project | Library | Category | Affected versions | Date
Medium | Jackson | jackson-databind | Authorization Bypass | >=2.8.0 <2.18.9, >=2.19.0 <2.21.5, >=3.1.0 <3.1.4 | June 23, 2026
Medium | Jackson | jackson-databind | Authorization Bypass | >=2.9.0 <2.18.4, >=2.21.0 <2.21.4, >=3.0.0 <3.1.4 | June 23, 2026
Medium | Jackson | jackson-databind | Authorization Bypass | >=2.9.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4 | June 23, 2026
Low | Spring | Spring Security | Information Exposure | >=5.5.0 <=5.5.8, >=5.7.0 <=5.7.23, >=5.8.0 <=5.8.25, >=6.2.0 <=6.2.8, >=6.3.0 <=6.3.16, >=6.4.0 <=6.4.16, >=6.5.0 <=6.5.10, >=7.0.0 <=7.0.5 | June 22, 2026
Medium | Jackson | jackson-databind | Server-Side Request Forgery | >=2.0.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4 | June 22, 2026
High | Jackson | jackson-databind | Remote Code Execution | >=2.10.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4 | June 22, 2026
High | Jackson | jackson-databind | Remote Code Execution | >=2.10.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4 | June 22, 2026
Medium | Spring | Spring Data KeyValue | Command Injection | >=2.5.0 <=2.5.12, >=2.7.0 <=2.7.19, >=3.0.0 <=3.0.15, >=3.1.0 <=3.1.14, >=3.2.0 <=3.2.15, >=3.3.0 <=3.3.16, >=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.5 | June 22, 2026
Ensuring Full Compliance and Security
Never-Ending Support ensures your end-of-life open-source software stays fully compliant with industry standards like HIPAA, PCI, SOC2 and FedRAMP. With ongoing security updates and a commitment to audit readiness, you can rest easy knowing your systems remain compliant, secure, and ready for any inspection.
Trusted by 900+ Companies, 8,000+ Developers
“From the very first point of contact, working with HeroDevs has been an exceptional experience... The option to install EOL Support, rather than undertaking a full internal migration, has saved us significant time, money, and frustrations.”
UI/UX Engineering Manager
Frequently Asked Questions
Get answers to some of our most commonly asked questions.
Of course, if you can't find the answer you're looking for, feel free to contact us.
How does intellectual property for NES libraries work?
Do I pay extra for development, staging, etc. environments?
What makes onboarding so easy?
How hard is it to get this through our InfoSec and Legal procurement process?
Do you offer discounts for nonprofits, open source companies, or educational institutions?
Do you have multi-year license options?
How are licenses tracked? Do you install a license server?
What happens if team members leave or join after we’ve purchased licenses?
What does a license cover?