Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs help you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
| Severity | ID | Technology | Libraries Affected | Category | Version(s) Affected | Published Date |
|---|---|---|---|---|---|---|
| Medium | | Spring | Spring Framework | Cross-Site Scripting | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| High | | Spring | Spring Framework | Cross-Site Scripting | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Medium | | Spring | Spring Framework | URL Redirect/Open Redirect | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Medium | | Spring | Spring Framework | Path Traversal | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| High | | Spring | Spring Framework | Denial of Service | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Medium | | Spring | Spring Framework | Information Exposure | >=4.3.0 <=4.3.30, >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Medium | | Spring | Spring Framework | Denial of Service | >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Low | | Spring | Spring Framework | Authorization Bypass | >=5.3.0 <=5.3.48, >=6.1.0 <=6.1.27, >=6.2.0 <=6.2.18, >=7.0.0 <=7.0.7 | Jun 11, 2026 |
| Medium | | Spring | Spring Data REST | Information Exposure | >=3.5.0 <=3.5.12, >=3.7.0 <=3.7.19, >=4.2.0 <=4.2.12, >=4.3.0 <=4.3.16, >=4.4.0 <=4.4.14, >=4.5.0 <=4.5.11, >=5.0.0 <=5.0.5 | Jun 11, 2026 |
| Medium | | Spring | Spring for Apache Pulsar | Content Spoofing | >=1.0.0 <=1.0.12, >=1.1.0 <=1.1.17, >=1.2.0 <=1.2.17, >=2.0.0 <=2.0.5 | Jun 11, 2026 |
| Medium | | Spring | Spring for Apache Kafka | Content Spoofing | >=2.7.0 <=2.7.14, >=2.8.0 <=2.8.11, >=2.9.0 <=2.9.13, >=3.1.0 <=3.1.10, >=3.2.0 <=3.2.13, >=3.3.0 <=3.3.15, >=4.0.0 <=4.0.5 | Jun 11, 2026 |
| Medium | | Spring | Spring for Apache Kafka | Content Spoofing | >=2.7.0 <=2.7.14, >=2.8.0 <=2.8.11, >=2.9.0 <=2.9.13, >=3.1.0 <=3.1.10, >=3.2.0 <=3.2.13, >=3.3.0 <=3.3.15, >=4.0.0 <=4.0.5 | Jun 11, 2026 |
| Medium | | Spring | Spring for Apache Kafka | Content Spoofing | >=2.7.0 <=2.7.14, >=2.8.0 <=2.8.11, >=2.9.0 <=2.9.13, >=3.1.0 <=3.1.10, >=3.2.0 <=3.2.13, >=3.3.0 <=3.3.15, >=4.0.0 <=4.0.5 | Jun 11, 2026 |
| Medium | | Spring | Spring LDAP | Content Spoofing | >=2.3.0 <=2.3.8, >=2.4.0 <=2.4.4, >=3.2.0 <=3.2.17, >=3.3.0 <=3.3.7, >=4.0.0 <=4.0.3 | Jun 11, 2026 |
| High | | Spring | Spring Data MongoDB | Command Injection | >=3.2.0 <=3.2.12, >=3.4.0 <=3.4.19, >=4.0.0 <=4.0.15, >=4.1.0 <=4.1.14, >=4.2.0 <=4.2.15, >=4.3.0 <=4.3.16, >=4.4.0 <=4.4.14, >=4.5.0 <=4.5.11, >=5.0.0 <=5.0.5 | Jun 11, 2026 |
