VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.springframework.security:spring-security-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2014-3527 critical 9.8 9.8 9y ago Authorization Bypass in Spring Security
CVE-2011-2894 medium 6.8 15y ago Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data
CVE-2011-2732 medium 5.3 14y ago Improper Control of Generation of Code in Spring Security
CVE-2011-2731 medium 5.1 14y ago Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
CVE-2012-5055 medium 5.0 14y ago Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
CVE-2010-3700 medium 5.0 16y ago Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
CVE-2026-22751 medium 4.8 4.8 1mo ago Spring Security Core has a TOCTOU race condition when One-Time Token login with JdbcOneTimeTokenService is configured
CVE-2026-22746 low 2.5 1mo ago Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider
CVE-2025-22234 unknown 4mo ago Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide
CVE-2025-41248 unknown 9mo ago Spring Security annotation detection mechanism has authorization bypass
CVE-2025-41232 unknown 1y ago Spring Security authorization bypass for method security annotations on private methods
CVE-2025-22223 unknown 1y ago Spring Security Vulnerable to Authorization Bypass via Security Annotations
CVE-2024-38827 unknown 2y ago Spring Framework has Authorization Bypass for Case Sensitive Comparisons
CVE-2024-38810 unknown 2y ago Spring Security Missing Authorization vulnerability
CVE-2024-22257 unknown 2y ago Erroneous authentication pass in Spring Security
CVE-2024-22234 unknown 2y ago Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
CVE-2023-20862 unknown 3y ago Spring Security logout not clearing security context
CVE-2022-31692 unknown 4y ago Spring Security authorization rules can be bypassed via forward or include dispatcher types
CVE-2022-22978 unknown 4y ago Authorization bypass in Spring Security
CVE-2022-22976 unknown 4y ago Integer overflow in BCrypt class in Spring Security
CVE-2021-22119 unknown 5y ago Resource Exhaustion in Spring Security
CVE-2020-5408 unknown 6y ago Insufficient Entropy in Spring Security
CVE-2020-5407 unknown 6y ago Signature wrapping vulnerability in Spring Security
CVE-2019-11272 unknown 7y ago Insufficiently Protected Credentials and Improper Authentication in Spring Security
CVE-2019-3795 unknown 7y ago Spring Security uses insufficiently random values
CVE-2018-15801 unknown 8y ago Spring Security vulnerable to Authorization Bypass
CVE-2018-1199 unknown 8y ago Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core