Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Critical
Spring
Spring Security
Authorization Bypass
1.3.x; 1.4.x; 1.5.x; 7.0.x
Apr 21, 2026
Medium
Spring
Spring Security
Weak Authentication
6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 21, 2026
Low
Spring
Spring Security
Authorization Bypass
4.2.x; 5.5.x; 5.7.x; 5.8.x; 6.2.x; 6.3.x; 6.4.x; 6.5.x; 7.0.x
Apr 21, 2026
Medium
Spring
Spring Framework
Denial of Service
>=3.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Low
Spring
Spring Framework
Denial of Service
>=4.1.7 <=4.3.30, >=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
Medium
Spring
Spring Framework
Denial of Service
>=5.0.0 <=5.3.47, >=6.0.0 <=6.0.23, >=6.1.0 <=6.1.26, >=6.2.0 <=6.2.17, >=7.0.0 <=7.0.6
Apr 17, 2026
High
.NET
.NET Runtime / System.Net.Mail
Improper Neutralization of Special Elements
.ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
High
.NET
.NET Runtime / System.Security.Cryptography.Xml
Uncontrolled Resource Consumption
Improper Restriction of XML External Entity Reference
ASP.NET Core: >= 6.0.0 <= 6.0.39 >= 8.0.0 <= 8.0.25 >= 9.0.0 <= 9.0.14 <= 10.0.0 <= 10.0.5
Apr 15, 2026
Medium
Drupal 7
Term Reference Tree Widget
Cross-Site Scripting
>= 7.1.x <=7.1.11
Apr 15, 2026
No results found
Please enter a valid Vulnerability ID number or Technology name.