Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-webflux@5.0.19.RELEASE
purl pkg:maven/org.springframework/spring-webflux@5.0.19.RELEASE
Next non-vulnerable version 5.2.20.RELEASE
Latest non-vulnerable version 7.0.7
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-vr7m-chzs-abfu
Aliases:
CVE-2022-22965
GHSA-36p3-wjmg-h94x
GMS-2022-558
GMS-2022-559
GMS-2022-560
GMS-2022-561
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.springframework.boot:spring-boot-starter-webflux.
5.2.20.RELEASE
Affected by 0 other vulnerabilities.
5.3.18
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-fra1-reqm-kfdb Remote file disclosure In Spring Framework the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. CVE-2020-5421
GHSA-rv39-3qh7-9v7w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T01:39:05.011470+00:00 GitLab Importer Affected by VCID-vr7m-chzs-abfu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2022-22965.yml 38.6.0
2026-06-04T16:20:26.582387+00:00 GitLab Importer Fixing VCID-fra1-reqm-kfdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2020-5421.yml 38.6.0