Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem:
maven
Package URL:
pkg:maven/org.springframework:spring-web
Total PRs:
923 Dependabot PRs
Latest PR:
9 days ago
Unique Repositories:
451 repositories
Unique Repos (30 days):
4 repositories
Security Advisories
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
GHSA-ccgv-vj62-xf9h CVE-2024-22243 HIGH published about 2 years ago • updated 27 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Pivotal Spring Framework contains unsafe Java deserialization methods
GHSA-4wrc-f8pq-fpqp CVE-2016-1000027 CRITICAL published almost 4 years ago • updated 27 days ago
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data...
Spring Framework DoS via conditional HTTP request
GHSA-2rmj-mq67-h97g CVE-2024-38809 MODERATE published over 1 year ago • updated 29 days ago
### Description Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack. ### Affected Spring...
Spring Framework URL Parsing with Host Validation
GHSA-2wrp-6fg6-hmc5 CVE-2024-22262 HIGH published almost 2 years ago • updated 29 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Spring Framework URL Parsing with Host Validation Vulnerability
GHSA-hgjh-9rj2-g67j CVE-2024-22259 HIGH published about 2 years ago • updated 29 days ago
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform val...
View all 12 advisories
Recent PRs
RSS Feed
chore(deps): bump the java-minor-patch group across 1 directory with 40 updates

nordic-institute/X-Road #3405

7.0.4 → 7.0.6 Patch PR
Open 9 days ago 3 comments
nordic-institute
chore(deps): bump the production-deps group with 8 updates

MatrixDai/liquibase #25

7.0.5 → 7.0.6 Patch PR
Closed 12 days ago 2 comments
MatrixDai
chore(deps): bump the java-minor-patch group across 1 directory with 49 updates

nordic-institute/X-Road #3385

7.0.1 → 7.0.6 Patch PR
Open 18 days ago 1 comment
nordic-institute
chore(deps): bump the java-minor-patch group across 1 directory with 45 updates

nordic-institute/X-Road #3380

7.0.1 → 7.0.5 Patch PR
Open 21 days ago 2 comments
nordic-institute
Bump the safe-patch-updates group with 20 updates

hhund/dsf #9

6.2.15 → 6.2.16 Patch PR
Closed 23 days ago 1 comment
hhund
chore(deps): bump the java-minor-patch group across 1 directory with 90 updates

nordic-institute/X-Road #3373

7.0.1 → 7.0.5 Patch PR
Closed 25 days ago 2 comments
nordic-institute
Bump the spring-framework group with 5 updates

inetsoft-technology/datatest #26

6.2.10 → 7.0.5 Major PR
Open 28 days ago 1 comment
inetsoft-technology
Bump the maven group across 9 directories with 21 updates

yathin51/tutorials #18

4.3.4.RELEASE → 6.1.21 Major PR
Closed about 1 month ago 1 comment
yathin51
Bump org.springframework:spring-web from 7.0.3 to 7.0.5 in /dashgit-updater

javiertuya/dashgit #268

7.0.3 → 7.0.5 Patch PR
Closed about 1 month ago 2 comments
javiertuya
Bump the maven-dependencies group across 1 directory with 20 updates

Blackdread/rest-filter #402

7.0.2 → 7.0.5 Patch PR
Closed about 1 month ago 1 comment
Blackdread
chore(deps): bump org.springframework:spring-web from 5.3.39 to 6.1.21 in /sa-token-spring-boot2-dependencies

dromara/Sa-Token #904

5.3.39 → 6.1.21 Major PR
Closed about 1 month ago 1 comment
dromara
Bump org.springframework:spring-web from 5.3.39 to 7.0.5

adaptris/interlok-cache #813

5.3.39 → 7.0.5 Major PR
Closed about 1 month ago 1 comment
adaptris
Bump org.springframework:spring-web from 5.3.39 to 7.0.5

adaptris/interlok-cache #811

5.3.39 → 7.0.5 Major PR
Closed about 1 month ago 1 comment
adaptris
Bump org.springframework:spring-web from 3.2.0.RELEASE to 6.1.21 in /sample-web-app

aliz-ai/java2typescript #8

3.2.0.RELEASE → 6.1.21 Major PR
Closed about 1 month ago 1 comment
aliz-ai
Bump the maven group across 27 directories with 24 updates

abhinavm24/tutorials #13

4.3.8.RELEASE → 6.1.21 Major PR
Closed about 1 month ago 1 comment
abhinavm24
Bump the all-maven-deps group across 3 directories with 46 updates

craftercms/craftercms #8551

7.0.3 → 7.0.4 Patch PR
Closed about 1 month ago 1 comment
craftercms
deps: bump org.springframework:spring-web from 6.0.6 to 7.0.4

Mattilsynet/produksjonsdyr-api #181

6.0.6 → 7.0.4 Major PR
Closed about 2 months ago 1 comment
Mattilsynet
deps(deps): bump the maven group across 1 directory with 9 updates

cbwinslow/OpenLegislation-local-dev #275

5.3.39 → 6.1.21 Major PR
Open about 2 months ago 9 comments
cbwinslow
Bump org.springframework:spring-web from 6.2.8 to 7.0.4

dungeon-hub/dungeon-hub-api #48

6.2.8 → 7.0.4 Major PR
Closed about 2 months ago 1 comment
dungeon-hub
Bump org.springframework:spring-web from 5.3.39 to 7.0.4

adaptris/interlok-cache #806

5.3.39 → 7.0.4 Major PR
Closed about 2 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 7.0.3 to 7.0.4

PCGen/pcgen #7512

7.0.3 → 7.0.4 Patch PR
Closed about 2 months ago 2 comments
PCGen
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.4

mjeanroy/springmvc-mustache #1042

5.3.31 → 7.0.4 Major PR
Closed about 2 months ago 1 comment
mjeanroy
chore(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.3 in /backend

raimonvibe/chatbot-java-spring-ai #118

6.2.11 → 7.0.3 Major PR
Open about 2 months ago 2 comments
raimonvibe
Bump the maven group across 1 directory with 2 updates

nanamix/scouter #1

4.3.18.RELEASE → 6.1.21 Major PR
Closed 2 months ago 1 comment
nanamix
Build(deps): Bump org.springframework:spring-web from 6.2.7 to 6.2.8 in /json-io-spring

jdereg/json-io #430

6.2.7 → 6.2.8 Patch PR
Closed 2 months ago 2 comments
jdereg
Bump the java group across 1 directory with 15 updates

openviglet/dumont #16

7.0.2 → 7.0.3 Patch PR
Closed 2 months ago 1 comment
openviglet
Bump org.springframework:spring-web from 7.0.2 to 7.0.3

avereon/seenc #28

7.0.2 → 7.0.3 Patch PR
Closed 2 months ago 1 comment
avereon
chore(deps): bump the production-deps group with 6 updates

liquibase/liquibase #7524

7.0.2 → 7.0.3 Patch PR
Open 3 months ago 4 comments
liquibase
chore(deps): bump the production-deps group with 6 updates

liquibase/liquibase #7517

7.0.2 → 7.0.3 Patch PR
Closed 3 months ago 3 comments
liquibase
chore: [DevOps] bump the production-major group across 1 directory with 9 updates

SAP/ai-sdk-java #701

6.2.12 → 7.0.2 Major PR
Closed 3 months ago 1 comment
SAP
Bump the all-maven-deps group across 3 directories with 63 updates

craftercms/craftercms #8480

6.2.15 → 7.0.2 Major PR
Closed 3 months ago 2 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8479

6.2.15 → 7.0.2 Major PR
Open 3 months ago 4 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8478

6.2.15 → 7.0.2 Major PR
Open 3 months ago 7 comments
craftercms
Bump the all-maven-deps group across 3 directories with 86 updates

craftercms/craftercms #8474

7.0.1 → 7.0.2 Patch PR
Open 3 months ago 3 comments
craftercms
Bump the all-maven-deps group across 3 directories with 122 updates

QuocKhanh2002/craftercms #13

6.2.10 → 7.0.2 Major PR
Closed 3 months ago 1 comment
QuocKhanh2002
Bump the all-maven-deps group across 3 directories with 121 updates

craftercms/craftercms #8464

7.0.1 → 7.0.2 Patch PR
Closed 3 months ago 1 comment
craftercms
Bump the all-maven-deps group across 3 directories with 118 updates

craftercms/craftercms #8460

7.0.1 → 7.0.2 Patch PR
Closed 4 months ago 1 comment
craftercms
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates

secureCodeBox/secureCodeBox #3418

7.0.1 → 7.0.2 Patch PR
Open 4 months ago 4 comments
secureCodeBox
Bump org.springframework:spring-web from 5.3.39 to 7.0.2

adaptris/interlok-cache #782

5.3.39 → 7.0.2 Major PR
Closed 4 months ago 1 comment
adaptris
[DT-400-gradle]: Bump the gradle-patch-updates group with 4 updates

DataBiosphere/stairway #208

7.0.1 → 7.0.2 Patch PR
Open 4 months ago 2 comments
DataBiosphere
Bump org.springframework:spring-web from 5.3.32 to 7.0.2

liftwizard/liftwizard #3235

5.3.32 → 7.0.2 Major PR
Closed 4 months ago 1 comment
liftwizard
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.2

mjeanroy/springmvc-mustache #1016

5.3.31 → 7.0.2 Major PR
Closed 4 months ago 1 comment
mjeanroy
fix: bump the other-dependencies group with 20 updates

lsd-consulting/spring-wiremock-stub-generator #122

6.2.6 → 7.0.1 Major PR
Closed 4 months ago 2 comments
lsd-consulting
Bump org.springframework:spring-web from 5.3.32 to 7.0.1

liftwizard/liftwizard #3187

5.3.32 → 7.0.1 Major PR
Open 4 months ago 1 comment
liftwizard
Bump the maven-dependencies group across 1 directory with 19 updates

Blackdread/rest-filter #399

6.2.11 → 7.0.1 Major PR
Closed 4 months ago 1 comment
Blackdread
build(deps): bump the spring group across 1 directory with 13 updates

DSpace/DSpace #11620

6.2.12 → 6.2.13 Patch PR
Closed 4 months ago 1 comment
DSpace
build(deps): bump the spring group with 12 updates

DSpace/DSpace #11583

6.2.12 → 6.2.13 Patch PR
Closed 4 months ago 1 comment
DSpace
fix: bump the other-dependencies group across 1 directory with 20 updates

lsd-consulting/spring-wiremock-stub-generator #120

6.2.6 → 7.0.1 Major PR
Closed 4 months ago 1 comment
lsd-consulting
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

UnitVectorY-Labs/jsonschema4springboot #150

6.2.12 → 7.0.1 Major PR
Closed 4 months ago 2 comments
UnitVectorY-Labs
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

openapi-processor/openapi-processor-spring #394

6.2.12 → 7.0.1 Major PR
Closed 4 months ago 1 comment
openapi-processor
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
JSON API: View JSON
Security Advisories

12

Active advisories
CRITICAL 1
HIGH 4
MODERATE 7
View All maven Advisories
Package Information
Description:

Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7
11 months ago
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos Top 0.0092% by dependent pkgs
PR Status
Open 406 (44.0%)
Merged 186 (20.2%)
Closed 253 (27.4%)
PR Types
Major 267 (28.9%)
Patch 516 (55.9%)
Minor 62 (6.7%)