Known Vulnerabilities for Spring Framework by Pivotal Software
Listed below are 10 of the newest known vulnerabilities associated with "Spring Framework" by "Pivotal Software".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-22741 json | Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an a... | Not Provided | 2026-04-29 | 2026-04-29 |
| CVE-2026-22737 json | Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can re... | Not Provided | 2026-03-20 | 2026-03-20 |
| CVE-2026-2742 json | An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 ... | Not Provided | 2026-03-10 | 2026-03-16 |
| CVE-2022-22950 json | n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially c... | 6.5 - MEDIUM | 2022-04-01 | 2022-06-22 |
| CVE-2021-22118 json | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to... | 7.8 - HIGH | 2021-05-27 | 2022-10-25 |
| CVE-2020-5421 json | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, t... | 6.5 - MEDIUM | 2020-09-19 | 2023-11-07 |
| CVE-2020-5398 json | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an ap... | 7.5 - HIGH | 2020-01-17 | 2023-11-07 |
| CVE-2020-5397 json | Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Sp... | 5.3 - MEDIUM | 2020-01-17 | 2022-07-25 |
| CVE-2018-15801 json | Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In ... | 7.4 - HIGH | 2018-12-19 | 2022-06-03 |
| CVE-2018-15756 json | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions... | 7.5 - HIGH | 2018-10-18 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pivotal Software | Spring Framework | 5.2.3 | |||
| Application | Pivotal Software | Spring Framework | 5.2.2 | |||
| Application | Pivotal Software | Spring Framework | 5.2.1 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.2.0 | |||
| Application | Pivotal Software | Spring Framework | 5.1.9 | |||
| Application | Pivotal Software | Spring Framework | 5.1.8 | |||
| Application | Pivotal Software | Spring Framework | 5.1.7 | |||
| Application | Pivotal Software | Spring Framework | 5.1.6 | |||
| Application | Pivotal Software | Spring Framework | 5.1.5 | |||
| Application | Pivotal Software | Spring Framework | 5.1.4 | |||
| Application | Pivotal Software | Spring Framework | 5.1.3 | |||
| Application | Pivotal Software | Spring Framework | 5.1.2 | |||
| Application | Pivotal Software | Spring Framework | 5.1.13 | |||
| Application | Pivotal Software | Spring Framework | 5.1.12 | |||
| Application | Pivotal Software | Spring Framework | 5.1.11 |