Vulnerability Directory

Explore Pricing

Supported Products

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

AngularJS

1.4.x, 1.5.x, 1.8.x

Angular

v4 - v19

Spring

Various

.NET

6, 8, 9

.NET

Node.js

12, 14, 16, 18, 20

Struts

Various versions

Bootstrap

2 - 4

2.x

PostgreSQL

12.x, 13.x

Database

Apache Grails

6.2, 7

Apache Solr & Lucene

8.11.x

Apache Tapestry

4.1.x

Apache Tomcat

8.5

CometD

5, 6, 7

Django

3.2, 4.2

Python

Drupal 7

7.x

PHP

ESLint

8.x

Express

3.x

Fastify

3.x

Grunt

v0.4 - 1.5

Hibernate

5.6

Jetty

9, 10, 11

jQuery

1.3.x, 1.5.x, 1.6.x, 1.7.x, 1.12.x, 2.1.x, 2.2.x, 3.5.x

Knockout.js

3.5.1, 3.4.2, 2.3.0

Lodash

3.x, 4.x

NestJS

Next.js

12.3.5

NumPy

1.26.x

Python

Nuxt

2.x

Protractor

7.0.0

PHP

7.2, 7.3, 7.4, 8.0, 8.1, 8.2

PHP

Rails

2.3, 3.2, 4.2, 5.2, 6.1

Other

Vuetify

2.x

Ember.js

Web Essentials

Apache Camel

2.25.x, 3.22.x

Apache Cocoon

2.3.x

Apache Spark

2.4.x

Featured NES Products

Featured NES ProductsFrontendBackendInfrastructure

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Talk to Sales

Explore Pricing Talk to Sales View All Products

Explore Pricing

No NES Products available for Product Name

Do you need support for open source software not listed yet? Tell us what you need!

Request Support

Solutions

Never-Ending Support for Open Source.

HeroDevs partners with open-source authors to give companies Never-Ending Support, expert consulting, and engineering for sunsetted open-source packages.

Get a Custom Quote

SOLUTIONS BY INDUSTRY

SOLUTIONS BY ROLE

Software Development Managers

Engineering Leaders

Compliance-Focused Decision-Makers

THOUGHT LEADERSHIP

Quantifying the Real Risks of Unsupported Open Source Software

A data-backed look at the security, compliance, and operational risks created by unsupported open source—and how long-term support models like NES help organizations stay secure and audit-ready.

Pricing

Developers

Integrate Seamlessly With Your Current Build Process

Switching to NES take minutes

Policies Terms of Service

Service Level Agreements

Vulnerability Directory

NES Documentation

Explore install and release notes for all NES products

NES Documentation

GUIDES

Download Methods Consuming Never-Ending Support Packages Nexus Repository Manager Instructions Artifactory Repository Manager Instructions

TOOLS

HeroDevs CLI Vulnerability Directory Report Vulnerability Open Source Sustainability Fund

GUIDES

Quantifying the Real Risks of Unsupported Open Source Software

A data-backed look at the security, compliance, and operational risks created by unsupported open source—and how long-term support models like NES help organizations stay secure and audit-ready.

Partners

Resources

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

View Vulnerabilities

Spring End-of-Life Resource Hub

End of life doesn’t have to mean end of support. Find strategies, resources, and solutions for keeping your Spring applications stable, secure, and compliant.

Learn More

Resources

Explore the HeroDevs blog, whitepapers, documentation, and more to stay informed.

Company

About Us

Careers

Open Source Sustainability Fund

Resources

Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts

Get Pricing

Filter by Severity

CriticalHighMediumLow

Filter by Technology

Angular

AngularJS

Apache Solr & Lucene

Apache Spark

Apache Struts

Apache Tapestry

Apache Tomcat

Bootstrap

Drupal 7

Express

Jetty

jQuery

Hibernate

.NET

Next.js

Node.js

Rails

Spring

Vuetify

Filter by Category

Access of Resource Using Incompatible Type ('Type Confusion')

Authorization Bypass

Broken Access

Buffer Over-read

Cache Deception

Cache Poisoning

CBC Mode

Code Injection

Command Injection

Content Spoofing

Creation of Temporary File in Directory with Insecure Permissions

Cross-site Request Forgery

Cross-Site Scripting

Cryptanalysis

Cryptographic Weakness

Denial of Service

Heap-based Buffer Overflow

HTTP Request Smuggling

Improper Certificate Validation

Improper Handling of Highly Compressed Data (Data Amplification)

Improper Input Validation (4.16)

Improper Link Resolution Before File Access ('Link Following')

Improper Neutralization of Special Elements

Improper Output Neutralization for Logs

Improper Restriction of XML External Entity Reference

Improper Session Handling

Improper Verification of Cryptographic Signature

Inconsistent Interpretation of HTTP Requests

Incorrectly Configured Access Control

Inefficient Algorithmic Complexity

Information Exposure

Insufficient Verification of Data Authenticity

Integer Overflow or Wraparound

Log Injection

Memory Allocation with Excessive Size Value

Path Traversal

Predictable Initialization Vector

Privilege Abuse

Privilege Escalation

Prototype Pollution

ReDoS Vulnerability

Regular Expression Denial of Service

Remote Code Execution

Resource Injection

Search Injection

Server-Side Request Forgery

Signature Forgery

SQL Injection

Unchecked Input for Loop Condition

Uncontrolled Resource Consumption

URL Redirect/Open Redirect

Use After Free

Use of Unmaintained Third Party

Weak Authentication

Filtering by:

Severity

Text for Severity

Clear Filters

Severity

Technology

Libraries Affected

Category

Version(s) Affected

Published Date

Medium

CVE-2025-68161

Apache Log4j

Apache Log4j 2

Information Exposure

>=2.0-beta9 <=2.25.2, >=3.0.0-alpha1 <=3.0.0-beta3

May 5, 2026

Medium

CVE-2026-34477

Apache Log4j

Apache Log4j 2

Information Exposure

>=2.12.0 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3

May 5, 2026

Medium

CVE-2026-34479

Apache Log4j

Apache Log4j 2

Denial of Service

>=2.7 <=2.25.3, >=3.0.0-beta1 <=3.0.0-beta2

May 5, 2026

Medium

CVE-2026-34480

Apache Log4j

Apache Log4j 2

Denial of Service

>=2.0-alpha1 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3

May 5, 2026

Medium

CVE-2026-34481

Apache Log4j

Apache Log4j 2

Denial of Service

>=2.14.0 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3

May 5, 2026

Less Critical

CVE-2026-6816

Drupal 7

TFA Basic Plugins

Broken Access

>=7.1.0 <=7.1.2

May 5, 2026

Medium

CVE-2023-34055

Spring

Spring Boot

Denial of Service

>=2.5.0 <=2.7.17, >=3.0.0 <=3.0.12, >=3.1.0 <=3.1.5

May 1, 2026

Medium

CVE-2023-34050

Spring

Spring AMQP

Remote Code Execution

>=1.0.0 <=2.4.16, >=3.0.0 <=3.0.9

May 1, 2026

Medium

CVE-2024-44337

Ingress NGINX

github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency

Denial of Service

<v0.0.0-20240729232818-a2a9c4f76ef5 (and Ingress NGINX builds that ship an earlier gomarkdown)

Apr 29, 2026

High

CVE-2026-40890

Ingress NGINX

github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency

Denial of Service

<v0.0.0-20260411013819-759bbc3e3207 (and Ingress NGINX builds that ship an earlier gomarkdown)

Apr 29, 2026

Medium

CVE-2026-32282

Ingress NGINX

Go (golang) standard library, os.Root API; reaches Ingress NGINX Controller via the Go toolchain it is built with

Improper Link Resolution Before File Access ('Link Following')

Go <1.25.9 and 1.26.0 through 1.26.1 (and Ingress NGINX builds compiled with them)

Apr 29, 2026

High

CVE-2026-35205

Ingress NGINX

Helm (Kubernetes package manager), helm.sh/helm/v4; reaches Ingress NGINX Controller via the bundled Helm dependency

Improper Verification of Cryptographic Signature

Helm 4.0.0 through 4.1.3 (and Ingress NGINX builds that ship them)

Apr 29, 2026

High

CVE-2026-35204

Ingress NGINX

Helm (Kubernetes package manager), helm.sh/helm/v4; reaches Ingress NGINX Controller via the bundled Helm dependency

Path Traversal

Helm 4.0.0 through 4.1.3 (and Ingress NGINX builds that ship them)

Apr 29, 2026

Medium

CVE-2026-40977

Spring

Spring Boot

Path Traversal

>=1.0.2 <=2.7.32, >=3.3.0 <=3.3.18, >=3.4.0 <=3.4.15, >=3.5.0 <=3.5.13, >=4.0.0 <=4.0.5

Apr 27, 2026

Medium

CVE-2026-40975

Spring

Spring Boot

Information Exposure

>=1.0.0 <=3.5.13, >=4.0.0 <=4.0.5

Apr 27, 2026

No results found

Please enter a valid Vulnerability ID number or Technology name.

Subscribe via RSS

First Name *

Last Name *

Work Email *

Thanks for signing up for our Newsletter! We look forward to connecting with you.

Oops! Something went wrong while submitting the form.

Never-Ending Support

Drop-in replacements for deprecated open source software that keeps you secure, compliant, and compatible.

Spring Struts Apache Grails Apache Solr & Lucene Apache Tapestry Apache Tomcat CometD Hibernate Jetty

Get a Custom Quote

Never-Ending Support (NES) Products

JavaScript

AngularJS jQuery Angular Knockout.js Node.js Lodash Bootstrap NestJS Vue 2 Next.js ESLint Nuxt Express Protractor Fastify Vuetify Grunt

Java

Python

Django NumPy

Databases

PostgreSQL

Other

.NET PHP Ruby on Rails

Resources

Vulnerability Directory EOL Dataset Blog OSS Sustainability Fund Shows Case Studies Webinars Newsletters Whitepapers Ebooks NES Documentation What is EOL Security?

Solutions

Financial Services Healthcare Technology Government IT Security Managers Software Development Managers Engineering Leaders Compliance-Focused Decision-Makers

Company

About Us Contact We are Hiring!HeroDevs Partner Program Branding Legal

HeroDevs gives engineering companies and security teams the only platform built to manage the risk from using unsupported, end-of-life open source.

+1 877-586-1965

hello@herodevs.com

8850 S 700 E #2437 Sandy, UT 84070

Never-Ending Support

Drop-in replacements for deprecated open source software that keeps you secure, compliant, and compatible.