Spring Spring

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Spring.

Recent Spring Security Advisories

Advisory Title Published
2025-05-27 CVE-2025-41235 - High - CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies May 27, 2025
2025-05-19 CVE-2025-41232 - Medium - CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods May 19, 2025
2025-05-15 CVE-2025-22233 - Low - CVE-2025-22233: Spring Framework DataBinder Case Sensitive Match Exception (2nd update) May 15, 2025
2025-04-24 CVE-2025-22235 - Medium - CVE-2025-22235: Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed April 24, 2025
2025-04-22 CVE-2025-22234 - Medium - CVE-2025-22234: Spring Security BCryptPasswordEncoder maximum password length breaks timing attack mitigation April 22, 2025
2025-04-07 CVE-2025-22232 - Medium - CVE-2025-22232: Spring Cloud Config Server May Not Use Vault Token Sent By Clients April 7, 2025
2025-03-19 CVE-2025-22228 - High - CVE-2025-22228: Spring Security BCryptPasswordEncoder does not enforce maximum password length March 19, 2025
2025-03-19 CVE-2025-22223 - Medium - CVE-2025-22223: Spring Security authorization bypass for method security annotations on parameterized types March 19, 2025
2024-11-19 CVE-2024-38829 - Low - CVE-2024-38829: Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons November 19, 2024
2024-11-19 CVE-2024-38827 - Medium - CVE-2024-38827: Spring Security Authorization Bypass for Case Sensitive Comparisons November 19, 2024

By the Year

In 2025 there have been 0 vulnerabilities in Spring. Spring did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 1 4.30
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Spring vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Spring Security Vulnerabilities

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values

CVE-2023-34047 4.3 - Medium - September 20, 2023

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Spring For Graphql or by Spring? Click the Watch button to subscribe.

Spring
Vendor

Spring
Product

subscribe