Products

Never-Ending Support for Open Source

The Never-Ending Support product line offers secure drop-in replacements for end-of-life open-source software your team depends on.

Secure what you need.
Skip what you don’t.

Get a Custom Quote

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Talk to Sales

View All Products

Explore Pricing

Supported Products

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

12, 14, 16, 18, 20, 22

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.2.x, 3.5.x

7.2, 7.3, 7.4, 8.0, 8.1, 8.2

Infrastructure

Rails

2.3, 3.2, 4.2, 5.2, 6.1

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Talk to Sales

View All Products

Explore Pricing

No NES Products available for Product Name

Do you need support for open source software not listed yet? Tell us what you need!

Request Support

Solutions

Never Ending Support for Open Source.

HeroDevs partners with open-source authors to give companies Never-Ending Support, expert consulting, and engineering for sunsetted open-source packages.

Explore Pricing Talk to Sales View All Products

Get a Custom Quote

SOLUTIONS BY INDUSTRY

SOLUTIONS BY ROLE

Software Development Managers

Engineers Leaders

Compliance-Focused Decision-Makers

THOUGHT LEADERSHIP

Java in 2025: Navigating Migration, Security, and Long-Term Risk

Strategies for CIOs, CISOs, and Engineering Leaders

Pricing

Developers

Integrate Seamlessly With Your Current Build Process

Switching to NES take minutes and is as simple as pointing to our private repository.

Policies Terms of Service

Service Level Agreements

Vulnerability Directory

NES Documentation

Explore install and release notes for all NES products

NES Documentation

GUIDES

Download Methods Consuming Never-Ending Support Packages Nexus Repository Manager Instructions Artifactory Repository Manager Instructions

TOOLS

HeroDevs CLI Vulnerability Directory Report Vulnerability Open Source Sustainability Fund

GUIDES

Java in 2025: Navigating Migration, Security, and Long-Term Risk

Strategies for CIOs, CISOs, and Engineering Leaders

Resources

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

View Vulnerabilities

Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Learn More

Resources

Explore the HeroDevs blog, whitepapers, documentation, and more to stay informed.

Company

About Us

Careers

Open Source Sustainability Fund

Resources

IBM selected HeroDevs to provide ongoing support for end-of-life versions of Spring and Struts

See Press Release

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts

Get Pricing

Filter by Severity

CriticalHighMediumLow

Filter by Technology

AngularJS

Angular

Spring

.NET

Node.js

Apache Struts

Bootstrap

Drupal 7

jQuery

Vuetify

Express

Rails

Next.js

Apache Solr & Lucene

Apache Tomcat

Apache Spark

Filter by Category

Inconsistent Interpretation of HTTP Requests

Cache Deception

Privilege Abuse

Regular Expression Denial of Service

Cache Poisoning

Log Injection

Cross-site Request Forgery

Insufficient Verification of Data Authenticity

Privilege Escalation

Incorrectly Configured Access Control

Broken Access

Improper Input Validation (4.16)

Improper Link Resolution Before File Access ('Link Following')

Heap-based Buffer Overflow

Buffer Over-read

Integer Overflow or Wraparound

Creation of Temporary File in Directory with Insecure Permissions

Uncontrolled Resource Consumption

Inefficient Algorithmic Complexity

Improper Handling of Highly Compressed Data (Data Amplification)

Use After Free

Unchecked Input for Loop Condition

Memory Allocation with Excessive Size Value

Access of Resource Using Incompatible Type ('Type Confusion')

Weak Authentication

Prototype Pollution

Server-Side Request Forgery

Improper Output Neutralization for Logs

Improper Session Handling

Use of Unmaintained Third Party

CBC Mode

Predictable Initialization Vector

Cryptographic Weakness

Search Injection

Authorization Bypass

Resource Injection

Remote Code Execution

Denial of Service

Information Exposure

HTTP Request Smuggling

Command Injection

URL Redirect/Open Redirect

Signature Forgery

Path Traversal

Content Spoofing

ReDoS Vulnerability

Cross-Site Scripting

Filtering by:

Severity

Text for Severity

Clear Filters

Severity

Technology

Libraries Affected

Category

Version(s) Affected

Published Date

Critical

CVE-2022-37602

AngularJS

Grunt Karma

Prototype Pollution

>=0.10.0

Oct 29, 2025

High

CVE-2025-41253

Spring

Spring Cloud Gateway

Information Exposure

>=3.1.0 <=3.1.11, >=4.0.0, >=4.1.0 <=4.1.11, >=4.2.0 <=4.2.5, >=4.3.0 <=4.3.1

Oct 21, 2025

Medium

CVE-2025-41254

Spring

Spring Framework

Cross-site Request Forgery

>=6.2.0 < 6.2.12, >=6.1.0 < 6.1.24, >=6.0.0 <=6.0.29, >=5.3.0 < 5.3.46, <5.3.0, >4.3.0 <= 4.3.30

Oct 21, 2025

Critical

CVE-2025-55315

.NET

ASP.NET Core Runtime, Microsoft.AspNetCore.Server.Kestrel.Core

Inconsistent Interpretation of HTTP Requests

ASP.NET Core: >= 6.0.0 <= 6.0.36 >= 8.0.0 <= 8.0.20 >= 9.0.0 <= 9.0.9 <= 10.0.0-rc.1 Microsoft.AspNetCore.Server.Kestrel.Core: <= 2.3.0

Oct 17, 2025

Medium

CVE-2024-47554

Apache Commons

Apache Commons IO

Denial of Service

>=2.0 <2.14.0

Oct 15, 2025

High

CVE-2025-52999

Jackson

Jackson Core

Denial of Service

<2.15.0

Oct 13, 2025

Medium

CVE-2023-35116

Jackson

Jackson Databind

Denial of Service

<=2.15.2

Oct 13, 2025

High

CVE-2023-3894

Jackson

Jackson Dataformats Text

Denial of Service

<2.15.0

Oct 13, 2025

Medium

CVE-2025-57752

Next.js

Cache Deception

>=12.0.0 <14.2.31, >=15.0.0 <15.4.5

Oct 7, 2025

Medium

CVE-2025-55173

Next.js

Content Spoofing

<14.2.31, >=15.0.0 <15.4.5

Oct 7, 2025

Medium

CVE-2025-41249

Spring

Spring Framework

Privilege Abuse

>=5.3.0 <=5.3.44, >=6.0.0 <=6.0.29, >=6.1.0 <6.1.23, >=6.2.0 <6.2.11

Sep 22, 2025

High

CVE-2025-59052

Angular

@angular/platform-server, @angular/ssr, @nguniversal/common

Information Exposure

@angular/platform-server, >=16.0.0-next.0 <18.2.14, >=19.0.0-next.0 <19.2.15, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @angular/ssr, >=17.0.0-next.0 <18.2.21, >=19.0.0-next.0 <19.2.16, >=20.0.0-next.0 <20.3.0, >=21.0.0-next.0 <21.0.0-next.3, @nguniversal/common, >=16.0.0-next.0

Sep 11, 2025

Critical

CVE-2025-41243

Spring

Spring Cloud Gateway

Incorrectly Configured Access Control

>=3.1.0 <=3.1.9, >=4.0.0 <=4.0.9, >=4.1.0 <=4.1.9, >=4.2.0 <4.2.5, >=4.3.0 <4.3.1

Sep 10, 2025

Medium

SA-CONTRIB-2025-028

Drupal 7

Access Code Drupal module

Broken Access

<=7.1.1

Aug 26, 2025

Medium

CVE-2025-4690

AngularJS

Regular Expression Denial of Service

>=0.0.0

Aug 19, 2025

No results found

Please enter a valid Vulnerability ID number or Technology name.

Subscribe via RSS

First Name *

Last Name *

Work Email *

Thanks for signing up for our Newsletter! We look forward to connecting with you.

Oops! Something went wrong while submitting the form.

Drop-in replacements for deprecated open source software that keeps you secure and compliant.

+1 877-586-1965

hello@herodevs.com

8850 S 700 E #2437 Sandy, UT 84070

Overview

Never-Ending Support (NES) Products

Solutions

Software Development Managers

Engineers Leaders

Compliance-Focused Decision-Makers

Company

Resources

Vulnerability Directory

Open Source Sustainability Fund

Partners

Cookies Preferences

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Preferences Reject Accept

Manage Consent Preferences by Category

Essentials

Always active

Necessary for the site to function. Always On.

Marketing

Used for targeted advertising.

Personalization

Remembers your preferences and provides enhanced features.

Analytics

Measures usage and improves your experience.

Reject All Accept All

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.