Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Spring
Spring Framework
Path Traversal
>= 6.1.0, < 6.1.14 >= 6.0.0, < 6.0.25 < 5.3.41
Oct 30, 2024
Critical
Spring
Spring
Authorization Bypass
>= 6.3.0, < 6.3.4 >= 6.2.0, < 6.2.7 >= 6.1.0, < 6.1.11 >= 6.0.0, < 6.0.13 >= 5.8.0, < 5.8.15 >= 5.7.0, <= < 5.7.13
Oct 25, 2024
Low
Spring
Spring Framework
Remote Code Execution
>= 6.1.0, < 6.1.14 >= 6.0.0, < 6.0.25 < 5.3.41
Oct 23, 2024
Medium
Express
Express
Resource Injection
>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1
Oct 17, 2024
High
Spring
Spring Framework
Path Traversal
>=5.3.0, <=5.3.39 >=6.0.0, <=6.0.23 >=6.1.0, <=6.1.12
Sep 12, 2024
Medium
Express
Express
Cross-Site Scripting
>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0
Sep 10, 2024
Medium
Spring
Spring Boot
Signature Forgery
>=2.7.0, <=2.7.21 >=3.0.0, <=3.0.16 >=3.1.0, <=3.1.12 >=3.2.0, <=3.2.8 >=3.3.0, <=3.3.2
Aug 23, 2024
No results found
Please enter a valid Vulnerability ID number or Technology name.
Sign up for alerts
Get alerted whenever a new vulnerability is fixed in the open source software we support.