Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.security/spring-security-crypto@6.3.8
purl pkg:maven/org.springframework.security/spring-security-crypto@6.3.8
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vghg-4esd-cbc6 Spring Security Does Not Enforce Password Length BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. CVE-2025-22228
GHSA-mg83-c7gq-rv5c

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:24:03.691625+00:00 GitLab Importer Fixing VCID-vghg-4esd-cbc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-crypto/CVE-2025-22228.yml 38.4.0
2026-04-12T00:43:20.164440+00:00 GitLab Importer Fixing VCID-vghg-4esd-cbc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-crypto/CVE-2025-22228.yml 38.3.0
2026-04-07T04:57:19.429798+00:00 GHSA Importer Fixing VCID-vghg-4esd-cbc6 https://github.com/advisories/GHSA-mg83-c7gq-rv5c 38.1.0
2026-04-03T00:51:16.801095+00:00 GitLab Importer Fixing VCID-vghg-4esd-cbc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-crypto/CVE-2025-22228.yml 38.1.0
2026-04-02T12:41:04.945882+00:00 GitLab Importer Fixing VCID-vghg-4esd-cbc6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-crypto/CVE-2025-22228.yml 38.0.0
2026-04-01T12:56:07.398368+00:00 GithubOSV Importer Fixing VCID-vghg-4esd-cbc6 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-mg83-c7gq-rv5c/GHSA-mg83-c7gq-rv5c.json 38.0.0