Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
Express
Express
Cross-Site Scripting
>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0
Sep 10, 2024
Medium
Spring
Spring Framework
Denial of Service
>=4.3.0 <=4.3.30, >=5.3.0 <5.3.38, >=6.0.0 <6.0.23, >=6.1.0 <6.1.12
Aug 27, 2024
Medium
Spring
Spring Boot
Signature Forgery
>=2.7.0, <=2.7.21 >=3.0.0, <=3.0.16 >=3.1.0, <=3.1.12 >=3.2.0, <=3.2.8 >=3.3.0, <=3.3.2
Aug 23, 2024
High
Spring
Spring Framework
URL Redirect/Open Redirect
>=4.3.0, >=5.3.0 <5.3.34, >=6.0.0 <6.0.19, >=6.1.0 <6.1.6
Apr 16, 2024
High
Spring
Spring Framework
URL Redirect/Open Redirect
<=4.3.31, >=5.3.0 <5.3.33, >=6.0.0 <6.0.17, >=6.1.0 <6.1.5
Mar 16, 2024
High
Spring
Spring Framework
URL Redirect/Open Redirect
>=4.3.0, <=4.3.30, >=5.3.0 <5.3.32, >=6.0.0 <6.0.17, >=6.1.0 <6.1.4
Feb 23, 2024
High
Spring
Spring Boot
Denial of Service
>=1.5.0 <=1.5.22, >=2.5.0 <2.5.15, >=2.6.0 <2.6.15, >=2.7.0 <2.7.12 >=3.0.0 <3.0.7
May 19, 2023
No results found
Please enter a valid Vulnerability ID number or Technology name.
Sign up for alerts
Get alerted whenever a new vulnerability is fixed in the open source software we support.