Spring framework
This hub aggregates every CVE we track for Spring framework, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 85
- Critical: 7
- High: 26
- In CISA KEV: 2
Severity distribution
- MEDIUM: 46
- HIGH: 26
- CRITICAL: 7
- LOW: 6
Monthly trend, 2024-07 to 2026-06: 0, 1, 2, 2, 0, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0, 0, 2, 3, 0, 18
Latest CVEs
The 15 most recently published vulnerabilities affecting Spring framework.
- CVE-2026-41855: Spring Framework Unsafe Deserialization via Jackson JMS Converters (8.1)
- CVE-2026-41854: Spring Framework Server-Side Request Forgery via UriComponentsBuilder (4.2)
- CVE-2026-41853: Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux (5.3)
- CVE-2026-41852: Spring Framework Arbitrary Method Invocation in SpEL Expressions (3.7)
- CVE-2026-41851: Spring Framework Denial of Service via Unbounded Cache in SpEL (5.3)
- CVE-2026-41850: Spring Framework Algorithmic Denial of Service via SpEL Expressions (7.5)
- CVE-2026-41849: Spring Framework Denial of Service via Integer Overflow in SpEL Expressions (7.5)
- CVE-2026-41848: Spring Framework Denial of Service via AntPathMatcher (3.7)
- CVE-2026-41847: Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL (4.8)
- CVE-2026-41846: Spring Framework Cross-site Scripting via JSP Form Tags (5.9)
- CVE-2026-41845: Spring Framework Cross-site Scripting via JavaScriptUtils (7.1)
- CVE-2026-41844: Spring Framework Open Redirect in Spring MVC and WebFlux (4.2)
- CVE-2026-41843: Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux (5.9)
- CVE-2026-41842: Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux (7.5)
- CVE-2026-41841: Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux (5.9)
Product normalization is registry-driven with AI assist and human review.