Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs help you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
| Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date |
| --- | --- | --- | --- | --- | --- | --- |
| High | | NES for Apache Kafka | Apache Kafka | Information Exposure | >=2.8.0 <3.9.2, >=4.0.0 <4.0.2, >=4.1.0 <4.1.2 | Jul 1, 2026 |
| Medium | | NES for Apache Kafka | Apache Kafka | Information Exposure | >=0.11.0 <3.9.2, =4.0.0 | Jul 1, 2026 |
| Low | | Apache Tomcat | Apache Tomcat | Cross-Site Scripting | >=7.0.0 <=7.0.109, >=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.119, >=10.1.0-M1 <10.1.56, >=11.0.0-M1 <11.0.23 | Jul 1, 2026 |
| Low | | Apache Tomcat | Apache Tomcat | Information Exposure | >=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.119, >=10.1.0-M1 <10.1.56, >=11.0.0-M1 <11.0.23 | Jul 1, 2026 |
| Low | | Apache Tomcat | Apache Tomcat | Authorization Bypass | >=7.0.100 <=7.0.109, >=8.5.38 <=8.5.100, >=9.0.0.M1 <9.0.119, >=10.1.0-M1 <10.1.56, >=11.0.0-M1 <11.0.23 | Jul 1, 2026 |
| Medium | | Apache Tomcat | Apache Tomcat | Authorization Bypass | >=7.0.0 <=7.0.109, >=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.119, >=10.1.0-M1 <10.1.56, >=11.0.0-M1 <11.0.23 | Jul 1, 2026 |
| High | | Apache Tomcat | Apache Tomcat | Authorization Bypass | >=7.0.0 <=7.0.109, >=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.119, >=10.1.0-M1 <10.1.56, >=11.0.0-M1 <11.0.23 | Jul 1, 2026 |
| Medium | | Jackson | jackson-databind | Authorization Bypass | >=2.8.0 <2.18.9, >=2.19.0 <2.21.5, >=3.1.0 <3.1.4 | Jun 23, 2026 |
| Medium | | Jackson | jackson-databind | Authorization Bypass | <2.18.4, >=2.21.0 <2.21.4, >=3.0.0 <3.1.4 | Jun 23, 2026 |
| Medium | | Jackson | jackson-databind | Authorization Bypass | >=2.9.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4 | Jun 23, 2026 |
| Low | | Spring | Spring Security | Information Exposure | >=5.5.0 <=5.5.8, >=5.7.0 <=5.7.23, >=5.8.0 <=5.8.25, >=6.2.0 <=6.2.8, >=6.3.0 <=6.3.16, >=6.4.0 <=6.4.16, >=6.5.0 <=6.5.10, >=7.0.0 <=7.0.5 | Jun 22, 2026 |
