Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Low
Spring
Spring LDAP
Authorization Bypass
<=2.4.3, >=3.0.0 <=3.0.9, >=3.1.0 <=3.1.7, >=3.2.0 <3.2.7
Nov 20, 2024
Medium
Spring
Spring Security
Authorization Bypass
<=5.7.13, >=5.8.0 <=5.8.15, >=6.0.0 <=6.0.13, >=6.1.0 <=6.1.11, >=6.2.0 <=6.2.7, >=6.3.0 <=6.3.4
Nov 19, 2024
High
Spring
Spring Framework
Path Traversal
<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14
Oct 30, 2024
Critical
Spring
Spring Security
Authorization Bypass
>=5.7.0 <5.7.13, >=5.8.0 <5.8.15, >=6.0.0 <6.0.13, >=6.1.0 <6.1.11, >=6.2.0 <6.2.7, >=6.3.0 <6.3.4
Oct 25, 2024
Low
Spring
Spring Framework
Authorization Bypass
<5.3.41, >=6.0.0 <6.0.25, >=6.1.0 <6.1.14
Oct 23, 2024
Medium
Express
Express
Resource Injection
>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1
Oct 17, 2024
High
Node.js
Node.js
HTTP Request Smuggling
>=16.0.0 <16.20.1, >=18.0.0 <18.16.1, >=20.0.0 <20.3.1
Oct 16, 2024
High
Spring
Spring Framework
Path Traversal
>=5.3.0, <=5.3.39 >=6.0.0, <=6.0.23 >=6.1.0, <=6.1.12
Sep 12, 2024
No results found
Please enter a valid Vulnerability ID number or Technology name.
Sign up for alerts
Get alerted whenever a new vulnerability is fixed in the open source software we support.