Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-expression@5.0.5.RELEASE
purl pkg:maven/org.springframework/spring-expression@5.0.5.RELEASE
Next non-vulnerable version 5.3.39
Latest non-vulnerable version 6.1.14
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1bh8-3gb1-4ben
Aliases:
CVE-2024-38808
GHSA-9cmq-m9j5-mvww
Spring Framework vulnerable to Denial of Service In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Older, unsupported versions are also affected. Specifically, an application is vulnerable when the following is true: * The application evaluates user-supplied SpEL expressions.
5.3.39
Affected by 0 other vulnerabilities.
VCID-6ysx-5wcw-f7b5
Aliases:
CVE-2023-20863
GHSA-wxqc-pxw9-g2p8
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') In spring framework versions prior to 5.2.24 release+,5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
5.2.24.RELEASE
Affected by 1 other vulnerability.
5.3.27
Affected by 1 other vulnerability.
6.0.8
Affected by 0 other vulnerabilities.
VCID-dy4t-tm9m-rfex
Aliases:
CVE-2022-22950
GHSA-558x-2xjg-6232
Allocation of Resources Without Limits or Throttling in Spring Framework In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a Denial of Service.
5.2.20
Affected by 0 other vulnerabilities.
5.2.20.RELEASE
Affected by 3 other vulnerabilities.
5.3.16
Affected by 3 other vulnerabilities.
5.3.17
Affected by 3 other vulnerabilities.
VCID-z3th-j593-m7bg
Aliases:
CVE-2023-20861
GHSA-564r-hj7v-mcr5
Spring Framework vulnerable to denial of service via specially crafted SpEL expression In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
5.2.23.RELEASE
Affected by 2 other vulnerabilities.
5.3.26
Affected by 2 other vulnerabilities.
6.0.7
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:06:25.369178+00:00 GitLab Importer Affected by VCID-1bh8-3gb1-4ben https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml 38.4.0
2026-04-16T22:26:50.288233+00:00 GitLab Importer Affected by VCID-6ysx-5wcw-f7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml 38.4.0
2026-04-16T22:24:44.231942+00:00 GitLab Importer Affected by VCID-z3th-j593-m7bg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml 38.4.0
2026-04-16T21:44:06.880392+00:00 GitLab Importer Affected by VCID-dy4t-tm9m-rfex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2022-22950.yml 38.4.0
2026-04-12T00:24:26.015742+00:00 GitLab Importer Affected by VCID-1bh8-3gb1-4ben https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml 38.3.0
2026-04-11T23:45:06.647352+00:00 GitLab Importer Affected by VCID-6ysx-5wcw-f7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml 38.3.0
2026-04-11T23:42:54.263259+00:00 GitLab Importer Affected by VCID-z3th-j593-m7bg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml 38.3.0
2026-04-11T22:59:44.322420+00:00 GitLab Importer Affected by VCID-dy4t-tm9m-rfex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2022-22950.yml 38.3.0
2026-04-03T00:32:01.631460+00:00 GitLab Importer Affected by VCID-1bh8-3gb1-4ben https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2024-38808.yml 38.1.0
2026-04-02T23:48:48.824034+00:00 GitLab Importer Affected by VCID-6ysx-5wcw-f7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml 38.1.0
2026-04-02T23:46:45.983572+00:00 GitLab Importer Affected by VCID-z3th-j593-m7bg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml 38.1.0
2026-04-02T23:08:23.943783+00:00 GitLab Importer Affected by VCID-dy4t-tm9m-rfex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2022-22950.yml 38.1.0
2026-04-01T18:12:07.802539+00:00 GitLab Importer Affected by VCID-6ysx-5wcw-f7b5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20863.yml 38.0.0
2026-04-01T18:10:00.819940+00:00 GitLab Importer Affected by VCID-z3th-j593-m7bg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2023-20861.yml 38.0.0
2026-04-01T17:27:51.214943+00:00 GitLab Importer Affected by VCID-dy4t-tm9m-rfex https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-expression/CVE-2022-22950.yml 38.0.0