Org.apache.shiro:shiro-spring
This hub aggregates every CVE we track for Org.apache.shiro:shiro-spring, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
2
Critical
0
High
0
In CISA KEV
Severity distribution
CRITICAL2MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
2024-072026-06
Latest CVEs
The 3 most recently published vulnerabilities affecting Org.apache.shiro:shiro-spring.
- CVE-2026-23903Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems5.3
- CVE-2020-17523Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.9.8
- CVE-2020-17510Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.9.8
Product normalization is registry-driven with AI assist and human review. How it works