Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Jetty
jetty-http
HTTP Request Smuggling
>= 12.1.0, <= 12.1.6, >= 12.0.0, <= 12.0.32, >= 11.0.0, <= 11.0.27, >= 10.0.0, <= 10.0.27, >= 9.4.0, <= 9.4.59
Mar 6, 2026
Low
Apache Tomcat
Apache Tomcat
Improper Input Validation (4.16)
>=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.113, >=10.1.0-M1 <10.1.50, >=11.0.0-M1 <11.0.15
Mar 6, 2026
Medium
Apache Tomcat
Apache Tomcat
Improper Input Validation (4.16)
>=8.5.0 <=8.5.100, >=9.0.0.M1 <9.0.113, >=10.1.0-M1 <10.1.50, >=11.0.0-M1 <=11.0.15
Mar 6, 2026
Low
Jetty
Jetty
Improper Input Validation (4.16)
>=9.4.0 <=9.4.58, >=10.0.0 <=10.0.26, >=11.0.0 <=11.0.26, >=12.0.0 <=12.0.30, >=12.1.0 <=12.1.4
Mar 6, 2026
High
Angular
Angular
Cross-Site Scripting
>=21.2.0-next.0 <21.2.0, >=21.0.0-next.0 <21.1.6, >=20.0.0-next.0 <20.3.17, >=7.1.0 <19.2.19
Mar 5, 2026
Critical
Angular
Angular
Server-Side Request Forgery
>=21.2.0-next.0 <21.2.0-rc.1, >=21.0.0-next.0 <21.1.5, >=20.0.0-next.0 <20.3.17, <19.2.21
Mar 1, 2026
High
Spring
Spring Data Geode
Path Traversal
>= 2.0.0 <= 2.7.18, >= 1.7.0 <= 2.2.13
Feb 20, 2026
Medium
Spring
Spring Data Geode
Creation of Temporary File in Directory with Insecure Permissions
>= 2.0.0 < 2.7.18, >= 1.7.0 <= 2.2.13
Feb 19, 2026
Medium
Next.js
>=10.0.0 <15.5.10, >=15.6.0-canary.0 <16.1.5
Denial of Service
NES for Next.js
Feb 13, 2026
No results found
Please enter a valid Vulnerability ID number or Technology name.