Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework/spring-core@5.0.0
purl pkg:maven/org.springframework/spring-core@5.0.0
Tags Ghost
Next non-vulnerable version 5.2.24.RELEASE
Latest non-vulnerable version 6.2.11
Risk 10.0
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2rvf-jqqg-vfe7
Aliases:
CVE-2018-1199
GHSA-v596-fwhq-8x48
5.0.2.RELEASE
Affected by 10 other vulnerabilities.
5.0.3
Affected by 0 other vulnerabilities.
VCID-c67u-pz7u-c7bf
Aliases:
CVE-2018-1272
GHSA-4487-x383-qpph
5.0.5
Affected by 0 other vulnerabilities.
5.0.5.RELEASE
Affected by 9 other vulnerabilities.
VCID-jswc-pxte-cfcb
Aliases:
CVE-2018-1271
GHSA-g8hw-794c-4j9g
5.0.5
Affected by 0 other vulnerabilities.
VCID-ndek-xah6-47d2
Aliases:
CVE-2020-5421
GHSA-rv39-3qh7-9v7w
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
5.0.18.RELEASE
Affected by 6 other vulnerabilities.
5.0.19.RELEASE
Affected by 6 other vulnerabilities.
5.1.17.RELEASE
Affected by 6 other vulnerabilities.
5.1.18.RELEASE
Affected by 6 other vulnerabilities.
5.2.8.RELEASE
Affected by 9 other vulnerabilities.
5.2.9.RELEASE
Affected by 9 other vulnerabilities.
VCID-rfx3-r9qs-dkhg
Aliases:
CVE-2018-1257
GHSA-rcpf-vj53-7h2m
5.0.6
Affected by 0 other vulnerabilities.
VCID-v4xw-cyut-xkcj
Aliases:
CVE-2019-3795
GHSA-v2r2-7qm7-jj6v
Spring Security uses insufficiently random values
5.0.12.RELEASE
Affected by 7 other vulnerabilities.
5.0.13.RELEASE
Affected by 7 other vulnerabilities.
5.1.5.RELEASE
Affected by 7 other vulnerabilities.
5.1.6.RELEASE
Affected by 7 other vulnerabilities.
VCID-znax-q3vq-g7cj
Aliases:
CVE-2018-1275
GHSA-3rmv-2pg5-xvqj
5.0.5
Affected by 0 other vulnerabilities.
5.0.5.RELEASE
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T15:08:11.202157+00:00 GitLab Importer Affected by VCID-ndek-xah6-47d2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2020-5421.yml 38.6.0
2026-06-12T15:41:38.275463+00:00 GitLab Importer Affected by VCID-v4xw-cyut-xkcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2019-3795.yml 38.6.0
2026-06-12T15:41:06.884574+00:00 GitLab Importer Affected by VCID-znax-q3vq-g7cj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2018-1275.yml 38.6.0
2026-06-12T15:41:06.217614+00:00 GitLab Importer Affected by VCID-c67u-pz7u-c7bf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2018-1272.yml 38.6.0
2026-06-12T15:40:25.513540+00:00 GitLab Importer Affected by VCID-2rvf-jqqg-vfe7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-core/CVE-2018-1199.yml 38.6.0
2026-06-11T20:24:40.024019+00:00 GHSA Importer Affected by VCID-c67u-pz7u-c7bf https://github.com/advisories/GHSA-4487-x383-qpph 38.6.0
2026-06-11T20:24:39.975088+00:00 GHSA Importer Affected by VCID-jswc-pxte-cfcb https://github.com/advisories/GHSA-g8hw-794c-4j9g 38.6.0
2026-06-11T20:24:39.691930+00:00 GHSA Importer Affected by VCID-rfx3-r9qs-dkhg https://github.com/advisories/GHSA-rcpf-vj53-7h2m 38.6.0
2026-06-11T20:24:39.517265+00:00 GHSA Importer Affected by VCID-2rvf-jqqg-vfe7 https://github.com/advisories/GHSA-v596-fwhq-8x48 38.6.0