Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2026-40973
Spring
Spring Boot
Incorrectly Configured Access Control
>=2.7.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
High
Open in new tab icon
CVE-2026-40972
Spring
Spring Boot
Information Exposure
>=1.3.0 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 27, 2026
Medium
Open in new tab icon
CVE-2026-40974
Spring
Spring Boot
Incorrectly Configured Access Control
>=1.3.0 <=2.7.32, >=3.0.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5
Apr 25, 2026
High
Open in new tab icon
CVE-2026-41423
Angular
Angular
Server-Side Request Forgery
<=18.2.14, >=19.0.0-next.0 <19.2.21, >=20.0.0-next.0 <20.3.19, >=21.0.0-next.0 <21.2.9, >=22.0.0-next.0 <22.0.0-next.8
Apr 23, 2026
Critical
Open in new tab icon
CVE-2026-22752
Spring
Spring Security
Authorization Bypass
1.3.x; 1.4.x; 1.5.x; 7.0.x
Apr 23, 2026
Medium
Open in new tab icon
CVE-2026-22751
Spring
Spring Security
Authorization Bypass
6.4.x; 6.5.x; 7.0.x
Apr 23, 2026
Medium
Open in new tab icon
CVE-2026-22748
Spring
Spring Security
Weak Authentication
6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 23, 2026
Low
Open in new tab icon
CVE-2026-22746
Spring
Spring Security
Authorization Bypass
4.2.x; 5.5.x; 5.7.x; 5.8.x; 6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 23, 2026
Medium
Open in new tab icon
CVE-2026-22745
Spring
Spring Framework
Denial of Service
>=3.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Low
Open in new tab icon
CVE-2026-22741
Spring
Spring Framework
Denial of Service
>=4.1.7 <=4.3.30, >=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Medium
Open in new tab icon
CVE-2026-22740
Spring
Spring Framework
Denial of Service
>=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Medium
Open in new tab icon
CVE-2026-3532
Drupal 7
OpenID Connect
Broken Access
>=7.1.0 <=7.1.3
Apr 16, 2026
Medium
Open in new tab icon
CVE-2026-3531
Drupal 7
OpenID Connect
Authorization Bypass
>=7.1.0 <=7.1.3
Apr 16, 2026
Medium
Open in new tab icon
CVE-2026-3530
Drupal 7
OpenID Connect
Information Exposure
>=7.1.0 <=7.1.3
Apr 16, 2026
High
Open in new tab icon
CVE-2026-32178
.NET
.NET Runtime / System.Net.Mail
Improper Neutralization of Special Elements
.ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.