All known vulnerabilities
Severity | Score | CVE | Title | Affected versions
CRITICAL | 9.8 | CVE-2016-1000027 | Pivotal Spring Framework contains unsafe Java deserialization methods | from 0, < 6.0.0
HIGH | 8.1 | CVE-2024-22262 | Spring Framework URL Parsing with Host Validation | from 0, < 5.3.34
HIGH | 8.1 | CVE-2024-22259 | Spring Framework URL Parsing with Host Validation Vulnerability | >= 6.1.0, < 6.1.5
HIGH | 8.1 | CVE-2024-22243 | Spring Web vulnerable to Open Redirect or Server Side Request Forgery | >= 6.1.0, < 6.1.4
HIGH | 7.8 | CVE-2021-22118 | Improper Privilege Management in Spring Framework | >= 5.2.0, < 5.2.15
MEDIUM | 6.5 | CVE-2025-41234 | Spring Framework vulnerable to a reflected file download (RFD) | >= 6.2.0, < 6.2.8
>= 5.0.0, < 5.0.7
MEDIUM | 5.5 | CVE-2015-3192 | Pivotal Spring Framework DoS Attack with XML Input | from 0, < 3.2.14
MEDIUM | 5.4 | CVE-2013-6430 | Improper Neutralization of Input During Web Page Generation in Spring Framework | from 0, < 3.2.2.RELEASE
MEDIUM | 5.3 | CVE-2024-38820 | Spring Framework DataBinder Case Sensitive Match Exception | >= 6.1.0, < 6.1.14
MEDIUM | 5.3 | CVE-2024-38809 | Spring Framework DoS via conditional HTTP request | from 0, < 5.3.38
from 0, < 3.2.5.RELEASE