Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Open in new tab icon
CVE-2026-11998
AngularJS
AngularJS
Cross-Site Scripting
>=1.2.0-rc.3
Jun 24, 2026
Medium
Open in new tab icon
CVE-2026-54515
Jackson
jackson-databind
Authorization Bypass
>=2.8.0 <2.18.9, >=2.19.0 <2.21.5, >=3.1.0 <3.1.4
Jun 23, 2026
Medium
Open in new tab icon
CVE-2026-54516
Jackson
jackson-databind
Authorization Bypass
>=2.9.0 <2.18.4, >=2.21.0 <2.21.4, >=3.0.0 <3.1.4
Jun 23, 2026
Medium
Open in new tab icon
CVE-2026-54517
Jackson
jackson-databind
Authorization Bypass
>=2.9.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4
Jun 23, 2026
Low
Open in new tab icon
CVE-2026-41694
Spring
Spring Security
Information Exposure
>=5.5.0 <=5.5.8, >=5.7.0 <=5.7.23, >=5.8.0 <=5.8.25, >=6.2.0 <=6.2.8, >=6.3.0 <=6.3.16, >=6.4.0 <=6.4.16, >=6.5.0 <=6.5.10, >=7.0.0 <=7.0.5
Jun 22, 2026
Medium
Open in new tab icon
CVE-2026-50193
Jackson
jackson-databind
Denial of Service
>=2.10.0 <2.14.0
Jun 22, 2026
Medium
Open in new tab icon
CVE-2026-54514
Jackson
jackson-databind
Server-Side Request Forgery
>=2.0.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4
Jun 22, 2026
High
Open in new tab icon
CVE-2026-54513
Jackson
jackson-databind
Remote Code Execution
>=2.10.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4
Jun 22, 2026
High
Open in new tab icon
CVE-2026-54512
Jackson
jackson-databind
Remote Code Execution
>=2.10.0 <2.18.8, >=2.19.0 <2.21.4, >=3.0.0 <3.1.4
Jun 22, 2026
Medium
Open in new tab icon
CVE-2026-41719
Spring
Spring Data KeyValue
Command Injection
>=2.5.0 <=2.5.12, >=2.7.0 <=2.7.19, >=3.0.0 <=3.0.15, >=3.1.0 <=3.1.14, >=3.2.0 <=3.2.15, >=3.3.0 <=3.3.16, >=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.5
Jun 22, 2026
High
Open in new tab icon
CVE-2026-47825
Spring
Spring Cloud Gateway
Authorization Bypass
<=4.3.4, >=5.0.0 <=5.0.1
Jun 18, 2026
Medium
Open in new tab icon
CVE-2026-41856
Spring
Spring for GraphQL
Content Spoofing
>=1.0.2 <=1.0.6, >=1.2.0 <=1.2.9, >=1.3.0 <=1.3.8, >=1.4.0 <=1.4.5, >=2.0.0 <=2.0.3
Jun 18, 2026
Medium
Open in new tab icon
CVE-2026-41721
Spring
Spring Data Commons
Denial of Service
>=2.5.0 <=2.5.12, >=2.7.0 <=2.7.19, >=3.0.0 <=3.0.15, >=3.1.0 <=3.1.14, >=3.2.0 <=3.2.15, >=3.3.0 <=3.3.16, >=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.5
Jun 18, 2026
High
Open in new tab icon
CVE-2026-41716
Spring
Spring Data Commons
Denial of Service
>=2.5.0 <=2.5.12, >=2.7.0 <=2.7.19, >=3.2.0 <=3.2.12, >=3.3.0 <=3.3.16, >=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.5
Jun 18, 2026
Medium
Open in new tab icon
CVE-2026-40988
Spring
Spring Security
Denial of Service
>=5.5.0 <=5.5.8, >=5.7.0 <=5.7.23, >=5.8.0 <=5.8.25, >=6.2.0 <=6.2.8, >=6.3.0 <=6.3.16, >=6.4.0 <=6.4.16, >=6.5.0 <=6.5.10, >=7.0.0 <=7.0.5
Jun 18, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or

By submitting the form I acknowledge receipt of our Privacy Policy.

Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.