org.springframework.security:spring-security-core vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-22746 | Low | org.springframework.security:spring-security-core: Spring Security Vulnerable to User Attribute Enumeration when Using DaoAuthenticationProvider |
| CVE-2026-22751 | Medium | org.springframework.security:spring-security-core: Spring Security Core has a TOCTOU race condition when One-Time Token login… |
| CVE-2025-22234 | Medium | org.springframework.security:spring-security-core: Spring Security has a broken timing attack mitigation implemented in DaoAuthenticationProvide |
| CVE-2025-41248 | High | org.springframework.security:spring-security-core: Spring Security annotation detection mechanism has authorization bypass |
| CVE-2025-41232 | Critical | org.springframework.security:spring-security-aspects: Spring Security authorization bypass for method security annotations on private methods |
| CVE-2025-22223 | Medium | org.springframework.security:spring-security-core: Spring Security Vulnerable to Authorization Bypass via Security Annotations |
| CVE-2024-38827 | Medium | org.springframework.security:spring-security-core: Spring Framework has Authorization Bypass for Case Sensitive Comparisons |
| CVE-2024-38810 | Medium | org.springframework.security:spring-security-core: Spring Security Missing Authorization vulnerability |
| CVE-2024-22257 | High | org.springframework.security:spring-security-core: Erroneous authentication pass in Spring Security |
| CVE-2024-22234 | High | org.springframework.security:spring-security-core: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated |
| CVE-2023-20862 | Medium | org.springframework.security:spring-security-core: Spring Security logout not clearing security context |
| CVE-2022-31692 | Critical | org.springframework.security:spring-security-core: Spring Security authorization rules can be bypassed via forward or include dispatcher types |
| CVE-2022-22978 | Critical | org.springframework.security:spring-security-core: Authorization bypass in Spring Security |
| CVE-2022-22976 | Medium | org.springframework.security:spring-security-core: Integer overflow in BCrypt class in Spring Security |
| CVE-2011-2732 | Medium | org.springframework.security:spring-security-core: Improper Control of Generation of Code in Spring Security |
| CVE-2012-5055 | Medium | org.springframework.security:spring-security-core: Exposure of Sensitive Information to an Unauthorized Actor in Spring Security |
| CVE-2011-2731 | Medium | org.springframework.security:spring-security-core: Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security |
| CVE-2011-2894 | Medium | org.springframework:spring-core: Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data |
| CVE-2010-3700 | Medium | org.springframework.security:spring-security-core: Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi… |
| CVE-2017-4995 | High | org.springframework.security:spring-security-core: Deserialization of Untrusted Data in Spring Security |
| CVE-2014-0097 | High | org.springframework.security:spring-security-core: Improper Authentication in Spring Security |
| CVE-2021-22119 | High | org.springframework.security:spring-security-core: Resource Exhaustion in Spring Security |
| CVE-2016-9879 | High | org.springframework.security:spring-security-core: Security Constraint Bypass in Spring Security |
| CVE-2014-3527 | Critical | org.springframework.security:spring-security-core: Authorization Bypass in Spring Security |
| CVE-2020-5408 | Medium | org.springframework.security:spring-security-core: Insufficient Entropy in Spring Security |
