Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem:
maven
Package URL:
pkg:maven/org.springframework:spring-web
Total PRs:
939 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
459 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Spring Framework Cross Site Tracing (XST)
GHSA-9gcm-f4x3-8jpw CVE-2018-11039 MODERATE published over 7 years ago • updated about 1 hour ago
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change t...
Cross-Site Request Forgery in Spring Framework
GHSA-g6hf-f9cq-q7w7 CVE-2013-6429 MODERATE published about 4 years ago • updated 1 day ago
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resol...
Spring Framework URL Parsing with Host Validation Vulnerability
GHSA-hgjh-9rj2-g67j CVE-2024-22259 HIGH published over 2 years ago • updated about 3 hours ago
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform val...
Spring Framework vulnerable to a reflected file download (RFD)
GHSA-6r3c-xf4w-jxjm CVE-2025-41234 MODERATE published about 1 year ago • updated 1 day ago
### Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file downlo...
Improper Privilege Management in Spring Framework
GHSA-gfwj-fwqj-fp3v CVE-2021-22118 HIGH published about 4 years ago • updated 1 day ago
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalatio...
View all 12 advisories
Recent PRs (filtered by: Open )
RSS Feed Clear filter
Bump the maven group across 18 directories with 24 updates

abrahem79/glowroot #5

2.0.8 → 5.3.38 Major PR
Open about 2 months ago 2 comments
abrahem79
[DT-400-gradle]: Bump the gradle-patch-updates group with 9 updates

DataBiosphere/stairway #217

7.0.2 → 7.0.6 Patch PR
Open 3 months ago 3 comments
DataBiosphere
chore(deps): bump the java-minor-patch group across 1 directory with 40 updates

nordic-institute/X-Road #3405

7.0.4 → 7.0.6 Patch PR
Open 3 months ago 3 comments
nordic-institute
chore(deps): bump the java-minor-patch group across 1 directory with 49 updates

nordic-institute/X-Road #3385

7.0.1 → 7.0.6 Patch PR
Open 3 months ago 1 comment
nordic-institute
chore(deps): bump the java-minor-patch group across 1 directory with 45 updates

nordic-institute/X-Road #3380

7.0.1 → 7.0.5 Patch PR
Open 3 months ago 2 comments
nordic-institute
Bump the spring-framework group with 5 updates

inetsoft-technology/datatest #26

6.2.10 → 7.0.5 Major PR
Open 3 months ago 1 comment
inetsoft-technology
deps(deps): bump the maven group across 1 directory with 9 updates

cbwinslow/OpenLegislation-local-dev #275

5.3.39 → 6.1.21 Major PR
Open 4 months ago 9 comments
cbwinslow
chore(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.3 in /backend

raimonvibe/chatbot-java-spring-ai #118

6.2.11 → 7.0.3 Major PR
Open 4 months ago 2 comments
raimonvibe
chore(deps): bump the production-deps group with 6 updates

liquibase/liquibase #7524

7.0.2 → 7.0.3 Patch PR
Open 5 months ago 4 comments
liquibase
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8479

6.2.15 → 7.0.2 Major PR
Open 6 months ago 4 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8478

6.2.15 → 7.0.2 Major PR
Open 6 months ago 7 comments
craftercms
Bump the all-maven-deps group across 3 directories with 86 updates

craftercms/craftercms #8474

7.0.1 → 7.0.2 Patch PR
Open 6 months ago 3 comments
craftercms
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates

secureCodeBox/secureCodeBox #3418

7.0.1 → 7.0.2 Patch PR
Open 6 months ago 4 comments
secureCodeBox
[DT-400-gradle]: Bump the gradle-patch-updates group with 4 updates

DataBiosphere/stairway #208

7.0.1 → 7.0.2 Patch PR
Open 6 months ago 2 comments
DataBiosphere
Bump org.springframework:spring-web from 5.3.32 to 7.0.1

liftwizard/liftwizard #3187

5.3.32 → 7.0.1 Major PR
Open 7 months ago 1 comment
liftwizard
Bump org.springframework:spring-web from 5.3.39 to 6.1.21

Cognia-TestLab/BenchmarkJava #3

5.3.39 → 6.1.21 Major PR
Open 7 months ago 1 comment
Cognia-TestLab
Bump org.springframework:spring-web from 6.2.12 to 7.0.0 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group

secureCodeBox/secureCodeBox #3372

6.2.12 → 7.0.0 Major PR
Open 7 months ago 2 comments
secureCodeBox
deps: Bump org.springframework:spring-web from 6.1.21 to 7.0.0

arconia-io/arconia-migrations #134

6.1.21 → 7.0.0 Major PR
Open 7 months ago 1 comment
arconia-io
build(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.0

OpenFeign/feign #3116

6.2.11 → 7.0.0 Major PR
Open 7 months ago 1 comment
OpenFeign
chore(deps): bump org.springframework:spring-web from 6.1.1 to 6.2.12

edoatley/country-api #11

6.1.1 → 6.2.12 Minor PR
Open 8 months ago 3 comments
edoatley
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 2 updates

secureCodeBox/secureCodeBox #3333

6.2.11 → 6.2.12 Patch PR
Open 8 months ago 2 comments
secureCodeBox
Gradle: Bump org.springframework:spring-web from 6.2.9 to 6.2.12

Cosmo-Tech/cosmotech-api-common #375

6.2.9 → 6.2.12 Patch PR
Open 8 months ago
Cosmo-Tech
Bump org.springframework:spring-web from 6.2.5 to 6.2.12

SparkArmy/SparkArmyBot #228

6.2.5 → 6.2.12 Patch PR
Open 8 months ago
SparkArmy
build(deps): Bump org.springframework:spring-web from 6.1.14 to 6.1.21 in /form-spring

OpenFeign/feign #3070

6.1.14 → 6.1.21 Patch PR
Open 8 months ago
OpenFeign
build(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java #1526

6.2.9 → 6.2.11 Patch PR
Open 8 months ago
Ensono
Bump org.springframework:spring-web from 5.3.36 to 6.1.21

marcomarasca/Synapse-Repository-Services #36

5.3.36 → 6.1.21 Major PR
Open 8 months ago
marcomarasca
Bump the all-minor-patch group with 18 updates

navikt/soknadsmottaker #155

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
navikt
Bump org.springframework:spring-web from 5.2.3.RELEASE to 6.2.11

green-code-initiative/creedengo-php #71

5.2.3.RELEASE → 6.2.11 Major PR
Open 9 months ago
green-code-initiative
Bump the all-minor-patch group with 53 updates

navikt/tilbakemeldingsmottak-api #288

6.2.9 → 6.2.11 Patch PR
Open 9 months ago
navikt
Bump the spring group with 28 updates

DSpace/DSpace #11365

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
DSpace
Bump the maven-dependencies group across 1 directory with 27 updates

Blackdread/rest-filter #397

6.2.3 → 6.2.11 Patch PR
Open 9 months ago
Blackdread
Bump the all-minor-patch group with 11 updates

navikt/arkiv-mock #43

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
navikt
Bump the all-maven-deps group across 3 directories with 87 updates

QuocKhanh2002/craftercms #2

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
QuocKhanh2002
chore(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java-cqrs #777

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
Ensono
build(deps): bump the low-risk group across 1 directory with 23 updates

Ensono/stacks-java #1524

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
Ensono
Bump the gradle-version-updates group across 1 directory with 9 updates

secureCodeBox/secureCodeBox #3299

6.2.10 → 6.2.11 Patch PR
Open 9 months ago 3 comments
secureCodeBox
Bump the maven-security-patches group across 1 directory with 6 updates

FME-MS/fme-api #12

6.2.6 → 6.2.11 Patch PR
Open 9 months ago
FME-MS
Bump the maven group across 0 directory with 2 updates

feder1402/swagger-core #1

3.2.1.RELEASE → 6.1.20 Major PR
Open 9 months ago
feder1402
Bump the all-maven-deps group across 3 directories with 78 updates

QuocKhanh2002/craftercms #1

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
QuocKhanh2002
chore(deps): bump the low-risk group across 1 directory with 21 updates

Ensono/stacks-java-cqrs #774

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
Ensono
build(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java #1523

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
Ensono
Bump the maven group across 9 directories with 11 updates

EthanThePhoenix38/cvemapping #1

5.1.9.RELEASE → 6.1.21 Major PR
Open 9 months ago
EthanThePhoenix38
build(deps): bump org.springframework:spring-web from 6.2.10 to 6.2.11

getyourguide/openapi-validation-java #261

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
getyourguide
build(deps-dev): bump org.springframework:spring-web from 6.2.8 to 6.2.11 in /api-tests

Ensono/stacks-java-cqrs-events #879

6.2.8 → 6.2.11 Patch PR
Open 9 months ago
Ensono
Bump org.springframework:spring-web from 6.2.9 to 6.2.11

oracle/coherence-spring-sockshop-sample #297

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
oracle
Bump org.springframework:spring-web from 5.3.23 to 6.2.11

FR4TLIZ/OSO-MiniProjektKP #19

5.3.23 → 6.2.11 Major PR
Open 9 months ago
FR4TLIZ
build(deps): bump the low-risk group across 1 directory with 18 updates

Ensono/stacks-java #1520

6.2.9 → 6.2.11 Patch PR
Open 9 months ago 1 comment
Ensono
Bump org.springframework:spring-web from 5.3.23 to 6.2.11

ghas-lab-templates/SecurityShepherd #47

5.3.23 → 6.2.11 Major PR
Open 9 months ago
ghas-lab-templates
Bump org.springframework:spring-web from 6.2.10 to 6.2.11

BeatrixZselezny/Police-simulation-game-project #102

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
BeatrixZselezny
Bump org.springframework:spring-web from 6.2.10 to 6.2.11

inrupt/solid-client-java #2327

6.2.10 → 6.2.11 Patch PR
Open 9 months ago
inrupt
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
JSON API: View JSON
Security Advisories

12

Active advisories
CRITICAL 1
HIGH 4
MODERATE 7
View All maven Advisories
Package Information
Description:

Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7
about 1 year ago
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos Top 0.0092% by dependent pkgs
PR Status
Open 408 (43.5%)
Merged 186 (19.8%)
Closed 267 (28.4%)
PR Types
Major 275 (29.3%)
Minor 62 (6.6%)
Patch 524 (55.8%)