VulnerableCode Package Details - pkg:maven/org.springframework/spring-webmvc@7.0.0-M1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.springframework/spring-webmvc@7.0.0-M1

purl	pkg:maven/org.springframework/spring-webmvc@7.0.0-M1

Next non-vulnerable version	7.0.6
Latest non-vulnerable version	7.0.6
Risk	3.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-85dj-ems3-vyh4 Aliases: CVE-2026-22735 GHSA-6hcq-hmm3-jj3c	Spring MVC and WebFlux has Server Sent Event stream corruption Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.	7.0.6 Affected by 0 other vulnerabilities.
VCID-sh22-dem5-aqf3 Aliases: CVE-2026-22737 GHSA-4773-3jfm-qmx3	Spring Framework Improper Path Limitation with Script View Templates Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.	7.0.6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T17:01:17.700277+00:00	GHSA Importer	Affected by	VCID-sh22-dem5-aqf3	https://github.com/advisories/GHSA-4773-3jfm-qmx3	38.1.0
2026-04-02T17:01:17.313298+00:00	GHSA Importer	Affected by	VCID-85dj-ems3-vyh4	https://github.com/advisories/GHSA-6hcq-hmm3-jj3c	38.1.0