Known Vulnerabilities for Spring Security by Pivotal Software

Listed below are 10 of the newest known vulnerabilities associated with "Spring Security" by "Pivotal Software".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2026-22732	When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that...	Not Provided	2026-03-19	2026-04-02
CVE-2021-22112	Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versi...	8.8 - HIGH	2021-02-23	2023-11-07
CVE-2020-5408	Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x p...	6.5 - MEDIUM	2020-05-14	2021-06-14
CVE-2020-5407	Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML...	8.8 - HIGH	2020-05-13	2023-11-07
CVE-2019-11272	Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPass...	7.3 - HIGH	2019-06-26	2021-06-08
CVE-2019-3795	Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomnes...	5.3 - MEDIUM	2019-04-09	2021-11-02
CVE-2018-1258	Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass...	8.8 - HIGH	2018-05-11	2022-04-11
CVE-2018-1199	Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x b...	5.3 - MEDIUM	2018-03-16	2023-11-07
CVE-2017-4995	An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When co...	8.1 - HIGH	2017-11-27	2023-11-07
CVE-2016-9879	An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security...	7.5 - HIGH	2017-01-06	2021-06-08

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Pivotal Software	Spring Security	5.3.2	All	All	All
Application	Pivotal Software	Spring Security	5.3.1	All	All	All
Application	Pivotal Software	Spring Security	5.3.0	All	All	All
Application	Pivotal Software	Spring Security	5.2.4	All	All	All
Application	Pivotal Software	Spring Security	5.2.3	All	All	All
Application	Pivotal Software	Spring Security	5.2.2	All	All	All
Application	Pivotal Software	Spring Security	5.2.1	All	All	All
Application	Pivotal Software	Spring Security	5.2.0	All	All	All
Application	Pivotal Software	Spring Security	5.1.9	All	All	All
Application	Pivotal Software	Spring Security	5.1.8	All	All	All
Application	Pivotal Software	Spring Security	5.1.7	All	All	All
Application	Pivotal Software	Spring Security	5.1.6	All	All	All
Application	Pivotal Software	Spring Security	5.1.5	All	All	All
Application	Pivotal Software	Spring Security	5.1.4	All	All	All
Application	Pivotal Software	Spring Security	5.1.3	All	All	All
Application	Pivotal Software	Spring Security	5.1.2	All	All	All
Application	Pivotal Software	Spring Security	5.1.10	All	All	All
Application	Pivotal Software	Spring Security	5.1.1	All	All	All
Application	Pivotal Software	Spring Security	5.1.0	milestone1	All	All
Application	Pivotal Software	Spring Security	5.1.0	-	All	All

Results limited to 20 most recent known configurations