FLAT-CNF93 (CVE-2026-22745)
Asymmetric denial of service In org.springframework:spring-webflux
6.3
Medium
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-80GYJ (CVE-2026-22740)
Asymmetric denial of service In org.springframework:spring-webflux
6.3
Medium
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-IL2MU (CVE-2026-22741)
HTTP request smuggling In org.springframework:spring-webflux
2.4
Low
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-IJ0QT (CVE-2026-22735)
Security controls bypass or absence In org.springframework:spring-webmvc
0.5
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-X9Z3O (CVE-2026-22737)
Lack of data validation - Path Traversal In org.springframework:spring-webflux
6.3
Medium
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-2CTCO (CVE-2018-11040)
Insecure service configuration In org.springframework:spring-webmvc
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-QHHIX (CVE-2016-5007)
Authentication mechanism absence or evasion In org.springframework:spring-webmvc
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-7K94P (CVE-2021-22096)
Log injection In org.springframework:spring-webflux
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-A52B0 (CVE-2011-2730)
Server side template injection In org.springframework:spring-web
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-09DLN (JAVA-ORGSPRINGFRAMEWORK-31327)
Asymmetric denial of service - ReDoS In org.springframework:spring-jms
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-jms
FLAT-SZBMO (JAVA-ORGSPRINGFRAMEWORK-31323)
Asymmetric denial of service - ReDoS In org.springframework:spring-context
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-context
FLAT-KEH6H (CVE-2025-41254)
Cross-site request forgery In org.springframework:spring-websocket
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-websocket
FLAT-SWYK0 (CVE-2025-41249)
Improper authorization control for web services In org.springframework:spring-core
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-ECXVN (CVE-2025-41242)
Lack of data validation - Path Traversal In org.springframework:spring-webmvc
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-8ABRH (CVE-2025-41234)
Lack of data validation In org.springframework:spring-web
1.9
Low
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-UYNWZ (CVE-2025-22233)
Lack of data validation In org.springframework:spring-context
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-context
FLAT-L5SO0 (CVE-2024-38819)
Lack of data validation - Path Traversal In org.springframework:spring-webflux
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-ZPFXS (CVE-2024-38828)
Asymmetric denial of service In org.springframework:spring-webmvc
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-JKXLB (CVE-2024-38820)
Lack of data validation - Type confusion In org.springframework:spring-context
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-context
FLAT-E62UG (CVE-2024-38816)
Lack of data validation - Path Traversal In org.springframework:spring-webflux
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-webflux
FLAT-36W6H (CVE-2024-38808)
Asymmetric denial of service In org.springframework:spring-expression
1.2
Low
Ecosystem: Maven
Package: org.springframework:spring-expression
FLAT-Y1UW0 (CVE-2019-11272)
Weak credential policy In org.springframework:spring-core
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-9B53D (CVE-2024-22262)
Server-side request forgery (SSRF) In org.springframework:spring-web
6.0
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-9FI8T (CVE-2024-22259)
Server-side request forgery (SSRF) In org.springframework:spring-web
7.5
High
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-8CJOS (CVE-2024-22243)
Server-side request forgery (SSRF) In org.springframework:spring-web
6.2
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-WDYA5 (CVE-2024-22233)
Asymmetric denial of service In org.springframework:spring-core
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-CTGR9 (CVE-2023-34053)
Asymmetric denial of service In org.springframework:spring-webmvc
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-ZB25G (CVE-2023-20863)
Asymmetric denial of service In org.springframework:spring-expression
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-expression
FLAT-WR9MR (CVE-2023-20860)
Security controls bypass or absence In org.springframework:spring
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring
FLAT-TYIUZ (CVE-2023-20861)
Remote command execution In org.springframework:spring-expression
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-expression
FLAT-4HN5T (CVE-2021-22118)
Excessive privileges In org.springframework:spring-web
5.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-NWM19 (CVE-2016-1000027)
Insecure deserialization In org.springframework:spring-web
5.2
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-LSUTC (CVE-2010-1622)
Server side template injection In org.springframework:spring
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring
FLAT-3YW3Y (CVE-2014-1904)
Reflected cross-site scripting (XSS) In org.springframework:spring-webmvc
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-W11TN (CVE-2014-3578)
Lack of data validation - Path Traversal In org.springframework:spring-core
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-4ANNI (CVE-2014-0225)
XML injection (XXE) In org.springframework:spring-webmvc
6.3
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-7GC5M (CVE-2014-3625)
Lack of data validation - Path Traversal In org.springframework:spring-webmvc
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-2ZPNV (CVE-2013-6429)
Cross-site request forgery In org.springframework:spring-web
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-7U0OW (CVE-2013-4152)
Cross-site request forgery In org.springframework:spring-oxm
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-oxm
FLAT-21LS4 (CVE-2014-0054)
Cross-site request forgery In org.springframework:spring-webmvc
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-PQV04 (CVE-2013-7315)
Insecure functionality In org.springframework:spring-oxm
0.6
Low
Ecosystem: Maven
Package: org.springframework:spring-oxm
FLAT-RCGCD (CVE-2022-22971)
Improper resource allocation In org.springframework:spring-messaging
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-messaging
FLAT-E2WRD (CVE-2022-22970)
Inadequate file size control In org.springframework:spring-beans
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-beans
FLAT-0V10G (CVE-2013-6430)
Reflected cross-site scripting (XSS) In org.springframework:spring-web
1.2
Low
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-2L45P (CVE-2009-1190)
Asymmetric denial of service - ReDoS In org.springframework:spring-core
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-98VJ2 (CVE-2022-22968)
Lack of data validation - Type confusion In org.springframework:spring-context
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-context
FLAT-CELQ8 (CVE-2022-22950)
Improper resource allocation In org.springframework:spring-expression
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-expression
FLAT-44HW2 (CVE-2021-22060)
Log injection In org.springframework:spring-core
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-JV67C (CVE-2020-5421)
Security controls bypass or absence In org.springframework:spring-framework-bom
2.1
Low
Ecosystem: Maven
Package: org.springframework:spring-framework-bom
FLAT-0AVC9 (CVE-2018-15756)
Asymmetric denial of service In org.springframework:spring-core
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-8KORP (CVE-2020-5397)
Cross-site request forgery In org.springframework:spring-webmvc
2.7
Low
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-L66WT (CVE-2020-5398)
Reflected cross-site scripting (XSS) In org.springframework:spring-webmvc
5.2
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc
FLAT-I22NN (CVE-2015-5211)
Local file inclusion In org.springframework:spring-core
5.7
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-DS05X (CVE-2015-3192)
Improper resource allocation - Buffer overflow In org.springframework:spring-web
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-YVRJ6 (CVE-2015-0201)
Session Fixation In org.springframework:spring-core
1.3
Low
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-ZFCEC (CVE-2018-1275)
Insecure deserialization In org.springframework:spring-messaging
8.1
High
Ecosystem: Maven
Package: org.springframework:spring-messaging
FLAT-YJ6XL (CVE-2018-1272)
Lack of data validation In org.springframework:spring-core
5.2
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-V89C1 (CVE-2018-1271)
Lack of data validation - Path Traversal In org.springframework:spring-core
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-QW4T7 (CVE-2018-1270)
Insecure deserialization In org.springframework:spring-messaging
8.1
High
Ecosystem: Maven
Package: org.springframework:spring-messaging
FLAT-O6U4Q (CVE-2018-1258)
Authentication mechanism absence or evasion In org.springframework:spring-core
8.1
High
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-Y710J (CVE-2018-1257)
Asymmetric denial of service - ReDoS In org.springframework:spring-core
4.9
Medium
Ecosystem: Maven
Package: org.springframework:spring-core
FLAT-EH9FL (CVE-2018-11039)
Cross-site request forgery In org.springframework:spring-web
4.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-web
FLAT-C8N4O (CVE-2016-9878)
Lack of data validation - Path Traversal In org.springframework:spring-webmvc
6.6
Medium
Ecosystem: Maven
Package: org.springframework:spring-webmvc