Spring data commons
This hub aggregates every CVE we track for Spring data commons, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
1
Critical
4
High
1
In CISA KEV
Severity distribution
HIGH4MEDIUM2CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
4
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting Spring data commons.
- CVE-2026-41721Spring Data Commons Denial of Service via Data Binding5.9
- CVE-2026-41716Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names7.5
- CVE-2026-41711Potential Denial of Service through crafted Sort Parameters5.9
- CVE-2026-41695Denial of Service in Spring Data Commons Property Path Resolution7.5
- CVE-2018-1259Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper ...7.5
- CVE-2018-1274Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated...7.5
- CVE-2018-1273Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. ...KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works