Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.springframework.security/spring-security-web@4.0.2.RELEASE
Typemaven
Namespaceorg.springframework.security
Namespring-security-web
Version4.0.2.RELEASE
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.5.9
Latest_non_vulnerable_version7.0.4
Affected_by_vulnerabilities
0
url VCID-vfqt-vr9q-2kfp
vulnerability_id VCID-vfqt-vr9q-2kfp
summary 
Spring Security HTTP Headers Are not Written Under Some Conditions
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. 
This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22732.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22732.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22732
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04091
published_at 2026-04-18T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04083
published_at 2026-04-16T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04129
published_at 2026-04-13T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04155
published_at 2026-04-12T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04173
published_at 2026-04-11T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04194
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04113
published_at 2026-04-02T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04179
published_at 2026-04-08T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.04147
published_at 2026-04-07T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.04132
published_at 2026-04-04T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05445
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22732
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22732
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22732
4
reference_url https://spring.io/security/cve-2026-22732
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-20T15:01:06Z/
url https://spring.io/security/cve-2026-22732
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2449306
reference_id 2449306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2449306
6
reference_url https://github.com/advisories/GHSA-mf92-479x-3373
reference_id GHSA-mf92-479x-3373
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf92-479x-3373
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-web@6.5.9
purl pkg:maven/org.springframework.security/spring-security-web@6.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@6.5.9
1
url pkg:maven/org.springframework.security/spring-security-web@7.0.4
purl pkg:maven/org.springframework.security/spring-security-web@7.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@7.0.4
aliases CVE-2026-22732, GHSA-mf92-479x-3373
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfqt-vr9q-2kfp
1
url VCID-yeaf-ta2h-p7c1
vulnerability_id VCID-yeaf-ta2h-p7c1
summary 
Privilege escalation in spring security
Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22112.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
reference_id
reference_type
scores
0
value 0.00979
scoring_system epss
scoring_elements 0.76783
published_at 2026-04-21T12:55:00Z
1
value 0.00979
scoring_system epss
scoring_elements 0.76792
published_at 2026-04-18T12:55:00Z
2
value 0.00979
scoring_system epss
scoring_elements 0.76787
published_at 2026-04-16T12:55:00Z
3
value 0.00979
scoring_system epss
scoring_elements 0.76754
published_at 2026-04-12T12:55:00Z
4
value 0.00979
scoring_system epss
scoring_elements 0.76688
published_at 2026-04-01T12:55:00Z
5
value 0.00979
scoring_system epss
scoring_elements 0.76703
published_at 2026-04-07T12:55:00Z
6
value 0.00979
scoring_system epss
scoring_elements 0.76721
published_at 2026-04-04T12:55:00Z
7
value 0.00979
scoring_system epss
scoring_elements 0.76692
published_at 2026-04-02T12:55:00Z
8
value 0.00979
scoring_system epss
scoring_elements 0.76774
published_at 2026-04-11T12:55:00Z
9
value 0.00979
scoring_system epss
scoring_elements 0.76746
published_at 2026-04-13T12:55:00Z
10
value 0.00979
scoring_system epss
scoring_elements 0.76735
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22112
2
reference_url https://github.com/spring-projects/spring-security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security
3
reference_url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/spring-projects/spring-security/releases/tag/5.4.4
4
reference_url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22112
15
reference_url https://tanzu.vmware.com/security/cve-2021-22112
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://tanzu.vmware.com/security/cve-2021-22112
16
reference_url https://www.jenkins.io/security/advisory/2021-02-19
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.jenkins.io/security/advisory/2021-02-19
17
reference_url https://www.jenkins.io/security/advisory/2021-02-19/
reference_id
reference_type
scores
url https://www.jenkins.io/security/advisory/2021-02-19/
18
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
19
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
20
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
21
reference_url http://www.openwall.com/lists/oss-security/2021/02/19/7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/02/19/7
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
reference_id 1931453
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1931453
23
reference_url https://security.archlinux.org/AVG-1595
reference_id AVG-1595
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1595
24
reference_url https://github.com/advisories/GHSA-gq28-h5vg-8prx
reference_id GHSA-gq28-h5vg-8prx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq28-h5vg-8prx
fixed_packages
0
url pkg:maven/org.springframework.security/spring-security-web@5.2.9
purl pkg:maven/org.springframework.security/spring-security-web@5.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.2.9
1
url pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
purl pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vfqt-vr9q-2kfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.2.9.RELEASE
2
url pkg:maven/org.springframework.security/spring-security-web@5.3.8
purl pkg:maven/org.springframework.security/spring-security-web@5.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.8
3
url pkg:maven/org.springframework.security/spring-security-web@5.3.9
purl pkg:maven/org.springframework.security/spring-security-web@5.3.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.9
4
url pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
purl pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vfqt-vr9q-2kfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.3.9.RELEASE
5
url pkg:maven/org.springframework.security/spring-security-web@5.4.4
purl pkg:maven/org.springframework.security/spring-security-web@5.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vfqt-vr9q-2kfp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@5.4.4
aliases CVE-2021-22112, GHSA-gq28-h5vg-8prx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yeaf-ta2h-p7c1
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-web@4.0.2.RELEASE