Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.

Talk to Our Experts
Get Pricing
Codey gradient
Filter by Severity
Filter by Technology
Filter by Category
Filtering by:
Severity
=
Text for Severity
Close icon
Clear Filters
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Medium
Open in new tab icon
CVE-2026-41004
Spring
Spring Cloud Config
Information Exposure
>=1.3.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
Open in new tab icon
CVE-2026-41002
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
High
Open in new tab icon
CVE-2026-40981
Spring
Spring Cloud Config
Information Exposure
>=3.1.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Critical
Open in new tab icon
CVE-2026-40982
Spring
Spring Cloud Config
Path Traversal
>=1.0.0 <=3.1.13, >=4.1.0 <=4.1.9, >=4.2.0 <=4.2.6, >=4.3.0 <=4.3.2, >=5.0.0 <=5.0.2
May 7, 2026
Medium
Open in new tab icon
CVE-2025-68161
Apache Log4j
Apache Log4j 2
Information Exposure
>=2.0-beta9 <=2.25.2, >=3.0.0-alpha1 <=3.0.0-beta3
May 5, 2026
Medium
Open in new tab icon
CVE-2026-34477
Apache Log4j
Apache Log4j 2
Information Exposure
>=2.12.0 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3
May 5, 2026
Medium
Open in new tab icon
CVE-2026-34479
Apache Log4j
Apache Log4j 2
Denial of Service
>=2.7 <=2.25.3, >=3.0.0-beta1 <=3.0.0-beta2
May 5, 2026
Medium
Open in new tab icon
CVE-2026-34480
Apache Log4j
Apache Log4j 2
Denial of Service
>=2.0-alpha1 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3
May 5, 2026
Medium
Open in new tab icon
CVE-2026-34481
Apache Log4j
Apache Log4j 2
Denial of Service
>=2.14.0 <=2.25.3, >=3.0.0-alpha1 <=3.0.0-beta3
May 5, 2026
Less Critical
Open in new tab icon
CVE-2026-6816
Drupal 7
TFA Basic Plugins
Broken Access
>=7.1.0 <=7.1.2
May 5, 2026
Medium
Open in new tab icon
CVE-2023-34055
Spring
Spring Boot
Denial of Service
>=2.5.0 <=2.7.17, >=3.0.0 <=3.0.12, >=3.1.0 <=3.1.5
May 1, 2026
Medium
Open in new tab icon
CVE-2023-34050
Spring
Spring AMQP
Remote Code Execution
>=1.0.0 <=2.4.16, >=3.0.0 <=3.0.9
May 1, 2026
Medium
Open in new tab icon
CVE-2024-44337
Ingress NGINX
github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency
Denial of Service
<v0.0.0-20240729232818-a2a9c4f76ef5 (and Ingress NGINX builds that ship an earlier gomarkdown)
Apr 29, 2026
High
Open in new tab icon
CVE-2026-40890
Ingress NGINX
github.com/gomarkdown/markdown; reaches Ingress NGINX Controller via the bundled gomarkdown dependency
Denial of Service
<v0.0.0-20260411013819-759bbc3e3207 (and Ingress NGINX builds that ship an earlier gomarkdown)
Apr 29, 2026
Medium
Open in new tab icon
CVE-2026-32282
Ingress NGINX
Go (golang) standard library, os.Root API; reaches Ingress NGINX Controller via the Go toolchain it is built with
Improper Link Resolution Before File Access ('Link Following')
Go <1.25.9 and 1.26.0 through 1.26.1 (and Ingress NGINX builds compiled with them)
Apr 29, 2026
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Sign up for the latest vulnerability alerts
Rss feed icon
Subscribe via RSS
or
Thanks for signing up for our Newsletter! We look forward to connecting with you.
Oops! Something went wrong while submitting the form.