Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
Spring
Spring Statemachine
Content Spoofing
>=3.2.0 <=3.2.4, >=4.0.0 <=4.0.1
Jun 15, 2026
Medium
Spring
Spring Framework
Information Exposure
>=5.1.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7
Jun 15, 2026
Medium
Spring
Spring Data Relational
Information Exposure
>=2.2.0 <=2.2.12, >=2.4.0 <=2.4.19, >=3.0.0 <=3.0.15, >=3.1.0 <=3.1.12, >=3.2.0 <=3.2.15, >=3.3.0 <=3.3.16, >=3.4.0 <=3.4.14, >=3.5.0 <=3.5.11, >=4.0.0 <=4.0.5
Jun 15, 2026
High
Spring
Spring Security
Cross-Site Scripting
>=5.5.0 <=5.5.8, >=5.7.0 <=5.7.23, >=5.8.0 <=5.8.25, >=6.2.0 <=6.2.8, >=6.3.0 <=6.3.16, >=6.4.0 <=6.4.16, >=6.5.0 <=6.5.10, >=7.0.0 <=7.0.5
Jun 15, 2026
Medium
Spring
Spring Boot
Information Exposure
>=0.0.0 <2.7.34, >=3.3.0 <3.3.20, >=3.4.0 <3.4.17, >=3.5.0 <3.5.15, >=4.0.0 <4.0.7
Jun 15, 2026
Medium
Spring
Spring Boot
Information Exposure
>=3.4.0 <3.4.17, >=3.5.0 <3.5.15, >=4.0.0 <4.0.7
Jun 15, 2026
High
Angular
Angular
Denial of Service
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
High
Angular
Angular
Information Exposure
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
Medium
Angular
Angular
Information Exposure
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
Medium
Angular
Angular
Information Exposure
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
Medium
Angular
Angular
Cross-Site Scripting
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
Medium
Angular
Angular
Cross-Site Scripting
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
High
Angular
Angular
Cross-Site Scripting
<=18.2.14, >=19.0.0-next.0 <19.2.25, >=20.0.0-next.0 <20.3.24, >=21.0.0-next.0 <21.2.16, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
High
Angular
Angular
Cross-Site Scripting
<=18.2.14, >=19.0.0-next.0 <19.2.25, >=20.0.0-next.0 <20.3.24, >=21.0.0-next.0 <21.2.16, >=22.0.0-next.0 <22.0.0-rc.2
Jun 12, 2026
High
Angular
Angular
Server-Side Request Forgery
<=18.2.14, >=19.0.0-next.0 <19.2.23, >=20.0.0-next.0 <20.3.22, >=21.0.0-next.0 <21.2.15, >=22.0.0-next.0 <22.0.0-rc.2
Jun 11, 2026
No results found
Please enter a valid Vulnerability ID number or Technology name.