org.springframework:spring-webmvc vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-22741Loworg.springframework:spring-webflux: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.CVE-2026-22745Mediumorg.springframework:spring-webflux: Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resourcesCVE-2026-22735Loworg.springframework:spring-webmvc: Spring MVC and WebFlux has Server Sent Event stream corruptionCVE-2026-22737Mediumorg.springframework:spring-webmvc: Spring Framework Improper Path Limitation with Script View TemplatesCVE-2025-41242Mediumorg.springframework:spring-webmvc: Spring Framework MVC Applications Path Traversal VulnerabilityCVE-2024-38819Highorg.springframework:spring-webflux: Spring Framework Path Traversal vulnerabilityCVE-2024-38828Mediumorg.springframework:spring-webmvc: Spring MVC controller vulnerable to a DoS attackCVE-2024-38816Highorg.springframework:spring-webmvc: Path traversal vulnerability in functional web frameworksCVE-2023-34053Highorg.springframework:spring-webmvc: Spring Framework vulnerable to denial of serviceCVE-2023-20860Criticalorg.springframework:spring: Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatchCVE-2014-1904Mediumorg.springframework:spring-webmvc: Improper Neutralization of Input During Web Page Generation in Spring FrameworkCVE-2014-3625Mediumorg.springframework:spring-webmvc: Improper Limitation of a Pathname to a Restricted Directory in Spring FrameworkCVE-2014-0225Highorg.springframework:spring-webmvc: Improper Restriction of XML External Entity Reference in Spring FrameworkCVE-2014-0054Mediumorg.springframework:spring-webmvc: Cross-Site Request Forgery in Spring FrameworkCVE-2022-22965Criticalorg.springframework:spring-beans: Remote Code Execution in Spring FrameworkCVE-2020-5397Mediumorg.springframework:spring-webmvc: CSRF attack via CORS preflight requests with Spring MVC or Spring WebFluxCVE-2020-5398Highorg.springframework:spring-webmvc: RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux ApplicationCVE-2016-9878Highorg.springframework:spring-webmvc: Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized

Stop the waste.
Protect your environment with Kodem.