An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem: maven
Package URL: pkg:maven/org.springframework:spring-web
Total PRs: 939 Dependabot PRs
Latest PR: about 2 months ago
Unique Repositories: 459 repositories
Unique Repos (30 days): 3 repositories
Security Advisories
Pivotal Spring Framework DoS Attack with XML Input
GHSA-6v7w-535j-rq5m CVE-2015-3192 MODERATE published over 7 years ago • updated about 13 hours ago
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, whic...
Improper Neutralization of Input During Web Page Generation in Spring Framework
GHSA-xjrf-8x4f-43h4 CVE-2013-6430 MODERATE published about 4 years ago • updated 1 day ago
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escap...
Spring Framework Cross Site Tracing (XST)
GHSA-9gcm-f4x3-8jpw CVE-2018-11039 MODERATE published over 7 years ago • updated 4 days ago
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change t...
Cross-Site Request Forgery in Spring Framework
GHSA-g6hf-f9cq-q7w7 CVE-2013-6429 MODERATE published about 4 years ago • updated 8 days ago
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resol...
Spring Framework vulnerable to a reflected file download (RFD)
GHSA-6r3c-xf4w-jxjm CVE-2025-41234 MODERATE published about 1 year ago • updated 8 days ago
In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file downlo...
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
Security Advisories
Active advisories: 12
CRITICAL 1
HIGH 4
MODERATE 7
Package Information
Description: Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7 (about 1 year ago)
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos; Top 0.0092% by dependent pkgs
PR Status
Open 408 (43.5%)
Merged 186 (19.8%)
Closed 267 (28.4%)
PR Types
Major 275 (29.3%)
Minor 62 (6.6%)
Patch 524 (55.8%)