Spring

This hub aggregates every CVE we track for Spring, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM2LOW1HIGH1CRITICAL1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 5 most recently published vulnerabilities affecting Spring.

CVE-2024-38828CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter5.3Nov 18, 2024
CVE-2024-38821Authorization Bypass of Static Resources in WebFlux Applications9.1Oct 28, 2024
CVE-2024-38820CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception3.1Oct 18, 2024
CVE-2024-38816CVE-2024-38816: Path traversal vulnerability in functional web frameworks7.5Sep 13, 2024
CVE-2024-22258CVE-2024-22258: PKCE Downgrade in Spring Authorization Server6.1Mar 20, 2024

Product normalization is registry-driven with AI assist and human review. How it works