Search for packages
| purl | pkg:maven/org.springframework/spring-webmvc@6.2.17 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-85dj-ems3-vyh4 | Spring MVC and WebFlux has Server Sent Event stream corruption Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46. |
CVE-2026-22735
GHSA-6hcq-hmm3-jj3c |
| VCID-sh22-dem5-aqf3 | Spring Framework Improper Path Limitation with Script View Templates Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46. |
CVE-2026-22737
GHSA-4773-3jfm-qmx3 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T17:01:17.679512+00:00 | GHSA Importer | Fixing | VCID-sh22-dem5-aqf3 | https://github.com/advisories/GHSA-4773-3jfm-qmx3 | 38.1.0 |
| 2026-04-02T17:01:17.284122+00:00 | GHSA Importer | Fixing | VCID-85dj-ems3-vyh4 | https://github.com/advisories/GHSA-6hcq-hmm3-jj3c | 38.1.0 |
| 2026-04-01T12:54:11.711733+00:00 | GithubOSV Importer | Fixing | VCID-sh22-dem5-aqf3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-4773-3jfm-qmx3/GHSA-4773-3jfm-qmx3.json | 38.0.0 |
| 2026-04-01T12:54:10.713479+00:00 | GithubOSV Importer | Fixing | VCID-85dj-ems3-vyh4 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-6hcq-hmm3-jj3c/GHSA-6hcq-hmm3-jj3c.json | 38.0.0 |