Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-webflux@6.2.1
purl pkg:maven/org.springframework/spring-webflux@6.2.1
Next non-vulnerable version 6.2.18
Latest non-vulnerable version 7.0.7
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-33up-jmsk-qffx
Aliases:
CVE-2026-22745
GHSA-6p4f-wcwh-5vvm
spring-webflux: Spring MVC and Spring WebFlux: Denial of Service via slow static resource resolution on Windows
6.2.18
Affected by 0 other vulnerabilities.
7.0.7
Affected by 0 other vulnerabilities.
VCID-q9g6-nwun-qkgw
Aliases:
CVE-2026-22740
GHSA-5843-p793-ghmm
spring-webflux: Spring WebFlux: Denial of Service via temporary file accumulation
6.2.18
Affected by 0 other vulnerabilities.
7.0.7
Affected by 0 other vulnerabilities.
VCID-xrqe-h6t7-nkak
Aliases:
CVE-2026-22741
GHSA-wg35-8jpf-2xv3
Spring MVC: Spring WebFlux: Spring MVC and Spring WebFlux: Denial of Service via cache poisoning
6.2.18
Affected by 0 other vulnerabilities.
7.0.7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T08:20:07.221749+00:00 GitLab Importer Affected by VCID-xrqe-h6t7-nkak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2026-22741.yml 38.6.0
2026-06-06T08:20:03.916190+00:00 GitLab Importer Affected by VCID-33up-jmsk-qffx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2026-22745.yml 38.6.0
2026-06-06T08:19:46.373896+00:00 GitLab Importer Affected by VCID-q9g6-nwun-qkgw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-webflux/CVE-2026-22740.yml 38.6.0