Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem:
maven
Package URL:
pkg:maven/org.springframework:spring-web
Total PRs:
886 Dependabot PRs
Latest PR:
10 days ago
Unique Repositories:
435 repositories
Unique Repos (30 days):
7 repositories
Security Advisories
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
GHSA-ccgv-vj62-xf9h CVE-2024-22243 HIGH published almost 2 years ago • updated 3 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Pivotal Spring Framework DoS Attack with XML Input
GHSA-6v7w-535j-rq5m CVE-2015-3192 MODERATE published about 7 years ago • updated about 1 month ago
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, whic...
Spring Framework URL Parsing with Host Validation
GHSA-2wrp-6fg6-hmc5 CVE-2024-22262 HIGH published over 1 year ago • updated 4 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Spring Framework DataBinder Case Sensitive Match Exception
GHSA-4gc7-5j7h-4qph CVE-2024-38820 MODERATE published about 1 year ago • updated 4 days ago
The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent e...
Improper Neutralization of Input During Web Page Generation in Spring Framework
GHSA-xjrf-8x4f-43h4 CVE-2013-6430 MODERATE published over 3 years ago • updated 28 days ago
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escap...
View all 12 advisories
Recent PRs
RSS Feed
chore: [DevOps] bump the production-major group across 1 directory with 9 updates

SAP/ai-sdk-java #701

6.2.12 → 7.0.2 Major PR
Closed 10 days ago 1 comment
SAP
Bump the all-maven-deps group across 3 directories with 63 updates

craftercms/craftercms #8480

6.2.15 → 7.0.2 Major PR
Closed 10 days ago 2 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8479

6.2.15 → 7.0.2 Major PR
Open 10 days ago 4 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8478

6.2.15 → 7.0.2 Major PR
Open 13 days ago 7 comments
craftercms
Bump the all-maven-deps group across 3 directories with 86 updates

craftercms/craftercms #8474

7.0.1 → 7.0.2 Patch PR
Open 14 days ago 3 comments
craftercms
Bump the all-maven-deps group across 3 directories with 122 updates

QuocKhanh2002/craftercms #13

6.2.10 → 7.0.2 Major PR
Closed 16 days ago 1 comment
QuocKhanh2002
Bump the all-maven-deps group across 3 directories with 121 updates

craftercms/craftercms #8464

7.0.1 → 7.0.2 Patch PR
Closed 21 days ago 1 comment
craftercms
Bump the all-maven-deps group across 3 directories with 118 updates

craftercms/craftercms #8460

7.0.1 → 7.0.2 Patch PR
Closed 23 days ago 1 comment
craftercms
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates

secureCodeBox/secureCodeBox #3418

7.0.1 → 7.0.2 Patch PR
Open 24 days ago 4 comments
secureCodeBox
[DT-400-gradle]: Bump the gradle-patch-updates group with 4 updates

DataBiosphere/stairway #208

7.0.1 → 7.0.2 Patch PR
Open 25 days ago 2 comments
DataBiosphere
Bump org.springframework:spring-web from 5.3.32 to 7.0.2

liftwizard/liftwizard #3235

5.3.32 → 7.0.2 Major PR
Closed 27 days ago 1 comment
liftwizard
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.2

mjeanroy/springmvc-mustache #1016

5.3.31 → 7.0.2 Major PR
Closed 28 days ago 1 comment
mjeanroy
fix: bump the other-dependencies group with 20 updates

lsd-consulting/spring-wiremock-stub-generator #122

6.2.6 → 7.0.1 Major PR
Closed about 1 month ago 2 comments
lsd-consulting
Bump org.springframework:spring-web from 5.3.32 to 7.0.1

liftwizard/liftwizard #3187

5.3.32 → 7.0.1 Major PR
Open about 1 month ago 1 comment
liftwizard
Bump the maven-dependencies group across 1 directory with 19 updates

Blackdread/rest-filter #399

6.2.11 → 7.0.1 Major PR
Closed about 1 month ago 1 comment
Blackdread
build(deps): bump the spring group across 1 directory with 13 updates

DSpace/DSpace #11620

6.2.12 → 6.2.13 Patch PR
Closed about 1 month ago 1 comment
DSpace
build(deps): bump the spring group with 12 updates

DSpace/DSpace #11583

6.2.12 → 6.2.13 Patch PR
Closed about 2 months ago 1 comment
DSpace
fix: bump the other-dependencies group across 1 directory with 20 updates

lsd-consulting/spring-wiremock-stub-generator #120

6.2.6 → 7.0.1 Major PR
Closed about 2 months ago 1 comment
lsd-consulting
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

UnitVectorY-Labs/jsonschema4springboot #150

6.2.12 → 7.0.1 Major PR
Closed about 2 months ago 2 comments
UnitVectorY-Labs
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

openapi-processor/openapi-processor-spring #394

6.2.12 → 7.0.1 Major PR
Closed about 2 months ago 1 comment
openapi-processor
Bump the all-maven-deps group across 3 directories with 109 updates

craftercms/craftercms #8442

6.2.12 → 7.0.0 Major PR
Closed about 2 months ago 1 comment
craftercms
Bump org.springframework:spring-web from 6.2.12 to 7.0.0 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group

secureCodeBox/secureCodeBox #3372

6.2.12 → 7.0.0 Major PR
Open about 2 months ago 2 comments
secureCodeBox
Bump org.springframework:spring-web from 6.2.12 to 7.0.0

UnitVectorY-Labs/jsonschema4springboot #148

6.2.12 → 7.0.0 Major PR
Closed about 2 months ago 1 comment
UnitVectorY-Labs
deps: Bump org.springframework:spring-web from 6.1.21 to 7.0.0

arconia-io/arconia-migrations #134

6.1.21 → 7.0.0 Major PR
Open about 2 months ago 1 comment
arconia-io
build(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.0

OpenFeign/feign #3116

6.2.11 → 7.0.0 Major PR
Open about 2 months ago 1 comment
OpenFeign
chore(deps): bump org.springframework:spring-web from 6.1.1 to 6.2.12

edoatley/country-api #11

6.1.1 → 6.2.12 Minor PR
Open 2 months ago 3 comments
edoatley
Bump the all-maven-deps group across 3 directories with 99 updates

QuocKhanh2002/craftercms #6

6.2.10 → 6.2.12 Patch PR
Closed 2 months ago 1 comment
QuocKhanh2002
chore(deps): bump the low-risk group in /api-tests with 23 updates

Ensono/stacks-java-cqrs #792

6.2.9 → 6.2.12 Patch PR
Closed 2 months ago 1 comment
Ensono
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 2 updates

secureCodeBox/secureCodeBox #3333

6.2.11 → 6.2.12 Patch PR
Open 3 months ago 2 comments
secureCodeBox
Bump org.springframework:spring-web from 5.3.39 to 6.2.12

adaptris/interlok-cache #750

5.3.39 → 6.2.12 Major PR
Closed 3 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 6.2.5 to 6.2.12

SparkArmy/SparkArmyBot #228

6.2.5 → 6.2.12 Patch PR
Open 3 months ago
SparkArmy
Bump org.springframework:spring-web from 4.3.0.RELEASE to 6.2.11

abdullahfouad/vulns2 #4

4.3.0.RELEASE → 6.2.11 Major PR
Closed 3 months ago 1 comment
abdullahfouad
chore(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java-cqrs #785

6.2.9 → 6.2.11 Patch PR
Closed 3 months ago 1 comment
Ensono
Build(deps-dev): Bump org.springframework:spring-web from 6.2.10 to 6.2.11

apache/struts-examples #503

6.2.10 → 6.2.11 Patch PR
Closed 3 months ago 1 comment
apache
build(deps): Bump org.springframework:spring-web from 6.1.14 to 6.1.21 in /form-spring

OpenFeign/feign #3070

6.1.14 → 6.1.21 Patch PR
Open 3 months ago
OpenFeign
build(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java #1526

6.2.9 → 6.2.11 Patch PR
Open 3 months ago
Ensono
Bump org.springframework:spring-web from 5.3.36 to 6.1.21

marcomarasca/Synapse-Repository-Services #36

5.3.36 → 6.1.21 Major PR
Open 3 months ago
marcomarasca
Bump org.springframework:spring-web from 6.2.10 to 6.2.11 in /dashgit-updater

javiertuya/dashgit #229

6.2.10 → 6.2.11 Patch PR
Closed 3 months ago 2 comments
javiertuya
Bump the all-minor-patch group with 18 updates

navikt/soknadsmottaker #155

6.2.10 → 6.2.11 Patch PR
Open 3 months ago
navikt
Bump org.springframework:spring-web from 5.2.3.RELEASE to 6.2.11

green-code-initiative/creedengo-php #71

5.2.3.RELEASE → 6.2.11 Major PR
Open 3 months ago
green-code-initiative
Bump the all-minor-patch group with 53 updates

navikt/tilbakemeldingsmottak-api #288

6.2.9 → 6.2.11 Patch PR
Open 3 months ago
navikt
Bump the spring group with 28 updates

DSpace/DSpace #11391

6.2.10 → 6.2.11 Patch PR
Merged 3 months ago
DSpace
Bump the spring group with 25 updates

DSpace/DSpace #11373

6.2.10 → 6.2.11 Patch PR
Merged 3 months ago
DSpace
Bump the spring group with 28 updates

DSpace/DSpace #11365

6.2.10 → 6.2.11 Patch PR
Open 3 months ago
DSpace
Bump the maven-dependencies group across 1 directory with 27 updates

Blackdread/rest-filter #397

6.2.3 → 6.2.11 Patch PR
Open 3 months ago
Blackdread
Bump the all-minor-patch group with 11 updates

navikt/arkiv-mock #43

6.2.10 → 6.2.11 Patch PR
Open 3 months ago
navikt
Bump the all-maven-deps group across 3 directories with 87 updates

QuocKhanh2002/craftercms #2

6.2.10 → 6.2.11 Patch PR
Open 3 months ago
QuocKhanh2002
chore(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java-cqrs #777

6.2.9 → 6.2.11 Patch PR
Open 3 months ago 1 comment
Ensono
build(deps): bump the low-risk group across 1 directory with 23 updates

Ensono/stacks-java #1524

6.2.9 → 6.2.11 Patch PR
Open 3 months ago 1 comment
Ensono
Bump the gradle-version-updates group across 1 directory with 9 updates

secureCodeBox/secureCodeBox #3299

6.2.10 → 6.2.11 Patch PR
Open 3 months ago 3 comments
secureCodeBox
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
JSON API: View JSON
Security Advisories

12

Active advisories
CRITICAL 1
HIGH 4
MODERATE 7
View All maven Advisories
Package Information
Description:

Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7
8 months ago
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos Top 0.0092% by dependent pkgs
PR Status
Open 396 (44.7%)
Merged 185 (20.9%)
Closed 227 (25.6%)
PR Types
Major 249 (28.1%)
Patch 497 (56.1%)
Minor 62 (7.0%)