Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.security/spring-security-core@5.6.4
purl pkg:maven/org.springframework.security/spring-security-core@5.6.4
Next non-vulnerable version 6.2.8
Latest non-vulnerable version 7.0.5
Risk 4.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-2b4h-659w-77ak
Aliases:
CVE-2024-38827
GHSA-q3v6-hm2v-pw99
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly.
5.7.14
Affected by 1 other vulnerability.
5.8.16
Affected by 1 other vulnerability.
6.0.14
Affected by 0 other vulnerabilities.
6.1.12
Affected by 0 other vulnerabilities.
6.2.8
Affected by 0 other vulnerabilities.
6.3.5
Affected by 1 other vulnerability.
VCID-buca-suya-q3an
Aliases:
CVE-2023-34034
GHSA-3h6f-g5f3-gc4w
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
5.6.12
Affected by 2 other vulnerabilities.
5.7.10
Affected by 4 other vulnerabilities.
5.8.5
Affected by 4 other vulnerabilities.
6.0.5
Affected by 3 other vulnerabilities.
6.1.2
Affected by 4 other vulnerabilities.
VCID-e8tz-73s8-myct
Aliases:
CVE-2024-22257
GHSA-f3jh-qvm4-mg39
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.
5.7.12
Affected by 2 other vulnerabilities.
5.8.11
Affected by 2 other vulnerabilities.
6.1.8
Affected by 1 other vulnerability.
6.2.3
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-ctuz-c8x2-z7df CVE-2022-22976
GHSA-wx54-3278-m5g4
VCID-zzwy-h4sw-4qdk CVE-2022-22978
GHSA-hh32-7344-cg2f

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-14T00:58:15.949214+00:00 GHSA Importer Fixing VCID-zzwy-h4sw-4qdk https://github.com/advisories/GHSA-hh32-7344-cg2f 38.6.0
2026-06-14T00:58:15.747822+00:00 GHSA Importer Fixing VCID-ctuz-c8x2-z7df https://github.com/advisories/GHSA-wx54-3278-m5g4 38.6.0
2026-06-12T19:47:35.845357+00:00 GitLab Importer Affected by VCID-2b4h-659w-77ak https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-38827.yml 38.6.0
2026-06-12T19:23:25.026326+00:00 GitLab Importer Affected by VCID-e8tz-73s8-myct https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2024-22257.yml 38.6.0
2026-06-12T19:00:45.583349+00:00 GitLab Importer Affected by VCID-buca-suya-q3an https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2023-34034.yml 38.6.0
2026-06-12T18:16:09.340859+00:00 GitLab Importer Fixing VCID-ctuz-c8x2-z7df https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.security/spring-security-core/CVE-2022-22976.yml 38.6.0
2026-06-12T08:23:30.967431+00:00 GithubOSV Importer Fixing VCID-zzwy-h4sw-4qdk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hh32-7344-cg2f/GHSA-hh32-7344-cg2f.json 38.6.0
2026-06-12T08:21:54.694068+00:00 GithubOSV Importer Fixing VCID-ctuz-c8x2-z7df https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wx54-3278-m5g4/GHSA-wx54-3278-m5g4.json 38.6.0