Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem:
maven
Package URL:
pkg:maven/org.springframework:spring-web
Total PRs:
939 Dependabot PRs
Latest PR:
about 1 month ago
Unique Repositories:
459 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Spring Framework Cross Site Tracing (XST)
GHSA-9gcm-f4x3-8jpw CVE-2018-11039 MODERATE published over 7 years ago • updated about 17 hours ago
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change t...
Pivotal Spring Framework contains unsafe Java deserialization methods
GHSA-4wrc-f8pq-fpqp CVE-2016-1000027 CRITICAL published about 4 years ago • updated about 2 months ago
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data...
Cross-Site Request Forgery in Spring Framework
GHSA-g6hf-f9cq-q7w7 CVE-2013-6429 MODERATE published about 4 years ago • updated about 2 months ago
The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resol...
Spring Framework URL Parsing with Host Validation Vulnerability
GHSA-hgjh-9rj2-g67j CVE-2024-22259 HIGH published about 2 years ago • updated 7 days ago
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform val...
Spring Framework vulnerable to a reflected file download (RFD)
GHSA-6r3c-xf4w-jxjm CVE-2025-41234 MODERATE published about 1 year ago • updated 17 days ago
### Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file downlo...
View all 12 advisories
Recent PRs (filtered by: Major PRs )
RSS Feed Clear filter
Bump the maven group across 18 directories with 24 updates

abrahem79/glowroot #5

2.0.8 → 5.3.38 Major PR
Open about 2 months ago 2 comments
abrahem79
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.7

mjeanroy/springmvc-mustache #1073

5.3.31 → 7.0.7 Major PR
Closed about 2 months ago 1 comment
mjeanroy
Bump the maven group across 22 directories with 18 updates

veteranbv/nifi #6

4.3.10.RELEASE → 6.1.21 Major PR
Closed 2 months ago 1 comment
veteranbv
Bump org.springframework:spring-web from 5.1.13.RELEASE to 6.1.21 in /traffic-manager

think-ke/ws02-API-Library #4

5.1.13.RELEASE → 6.1.21 Major PR
Closed 2 months ago 1 comment
think-ke
Bump org.springframework:spring-web from 5.3.39 to 7.0.6

adaptris/interlok-cache #822

5.3.39 → 7.0.6 Major PR
Closed 3 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 5.3.39 to 7.0.6

adaptris/interlok-cache #821

5.3.39 → 7.0.6 Major PR
Closed 3 months ago 1 comment
adaptris
Bump the spring-framework group with 5 updates

inetsoft-technology/datatest #26

6.2.10 → 7.0.5 Major PR
Open 3 months ago 1 comment
inetsoft-technology
Bump the maven group across 9 directories with 21 updates

yathin51/tutorials #18

4.3.4.RELEASE → 6.1.21 Major PR
Closed 3 months ago 1 comment
yathin51
chore(deps): bump org.springframework:spring-web from 5.3.39 to 6.1.21 in /sa-token-spring-boot2-dependencies

dromara/Sa-Token #904

5.3.39 → 6.1.21 Major PR
Closed 4 months ago 1 comment
dromara
Bump the maven group across 3 directories with 8 updates

Excecrable/javamelody #5

3.1.0.RELEASE → 6.1.21 Major PR
Closed 4 months ago 1 comment
Excecrable
Bump org.springframework:spring-web from 5.3.39 to 7.0.5

adaptris/interlok-cache #813

5.3.39 → 7.0.5 Major PR
Closed 4 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 5.3.39 to 7.0.5

adaptris/interlok-cache #811

5.3.39 → 7.0.5 Major PR
Closed 4 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 3.2.0.RELEASE to 6.1.21 in /sample-web-app

aliz-ai/java2typescript #8

3.2.0.RELEASE → 6.1.21 Major PR
Closed 4 months ago 1 comment
aliz-ai
Bump the maven group across 27 directories with 24 updates

abhinavm24/tutorials #13

4.3.8.RELEASE → 6.1.21 Major PR
Closed 4 months ago 1 comment
abhinavm24
deps: bump org.springframework:spring-web from 6.0.6 to 7.0.4

Mattilsynet/produksjonsdyr-api #181

6.0.6 → 7.0.4 Major PR
Closed 4 months ago 1 comment
Mattilsynet
deps(deps): bump the maven group across 1 directory with 9 updates

cbwinslow/OpenLegislation-local-dev #275

5.3.39 → 6.1.21 Major PR
Open 4 months ago 9 comments
cbwinslow
Bump org.springframework:spring-web from 6.2.8 to 7.0.4

dungeon-hub/dungeon-hub-api #48

6.2.8 → 7.0.4 Major PR
Closed 4 months ago 1 comment
dungeon-hub
Bump org.springframework:spring-web from 5.3.39 to 7.0.4

adaptris/interlok-cache #806

5.3.39 → 7.0.4 Major PR
Closed 4 months ago 1 comment
adaptris
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.4

mjeanroy/springmvc-mustache #1042

5.3.31 → 7.0.4 Major PR
Closed 4 months ago 1 comment
mjeanroy
chore(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.3 in /backend

raimonvibe/chatbot-java-spring-ai #118

6.2.11 → 7.0.3 Major PR
Open 4 months ago 2 comments
raimonvibe
Bump the maven group across 1 directory with 2 updates

nanamix/scouter #1

4.3.18.RELEASE → 6.1.21 Major PR
Closed 5 months ago 1 comment
nanamix
chore: [DevOps] bump the production-major group across 1 directory with 9 updates

SAP/ai-sdk-java #701

6.2.12 → 7.0.2 Major PR
Closed 6 months ago 1 comment
SAP
Bump the all-maven-deps group across 3 directories with 63 updates

craftercms/craftercms #8480

6.2.15 → 7.0.2 Major PR
Closed 6 months ago 2 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8479

6.2.15 → 7.0.2 Major PR
Open 6 months ago 4 comments
craftercms
Bump the all-maven-deps group across 3 directories with 64 updates

craftercms/craftercms #8478

6.2.15 → 7.0.2 Major PR
Open 6 months ago 7 comments
craftercms
Bump the all-maven-deps group across 3 directories with 122 updates

QuocKhanh2002/craftercms #13

6.2.10 → 7.0.2 Major PR
Closed 6 months ago 1 comment
QuocKhanh2002
Bump org.springframework:spring-web from 5.3.39 to 7.0.2

adaptris/interlok-cache #782

5.3.39 → 7.0.2 Major PR
Closed 6 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 5.3.32 to 7.0.2

liftwizard/liftwizard #3235

5.3.32 → 7.0.2 Major PR
Closed 6 months ago 1 comment
liftwizard
chore(deps): bump org.springframework:spring-web from 5.3.31 to 7.0.2

mjeanroy/springmvc-mustache #1016

5.3.31 → 7.0.2 Major PR
Closed 6 months ago 1 comment
mjeanroy
fix: bump the other-dependencies group with 20 updates

lsd-consulting/spring-wiremock-stub-generator #122

6.2.6 → 7.0.1 Major PR
Closed 6 months ago 2 comments
lsd-consulting
Bump org.springframework:spring-web from 5.3.32 to 7.0.1

liftwizard/liftwizard #3187

5.3.32 → 7.0.1 Major PR
Open 7 months ago 1 comment
liftwizard
Bump the maven-dependencies group across 1 directory with 19 updates

Blackdread/rest-filter #399

6.2.11 → 7.0.1 Major PR
Closed 7 months ago 1 comment
Blackdread
fix: bump the other-dependencies group across 1 directory with 20 updates

lsd-consulting/spring-wiremock-stub-generator #120

6.2.6 → 7.0.1 Major PR
Closed 7 months ago 1 comment
lsd-consulting
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

UnitVectorY-Labs/jsonschema4springboot #150

6.2.12 → 7.0.1 Major PR
Closed 7 months ago 2 comments
UnitVectorY-Labs
Bump org.springframework:spring-web from 6.2.12 to 7.0.1

openapi-processor/openapi-processor-spring #394

6.2.12 → 7.0.1 Major PR
Closed 7 months ago 1 comment
openapi-processor
Bump org.springframework:spring-web from 5.3.39 to 6.1.21

Cognia-TestLab/BenchmarkJava #3

5.3.39 → 6.1.21 Major PR
Open 7 months ago 1 comment
Cognia-TestLab
Bump the all-maven-deps group across 3 directories with 109 updates

craftercms/craftercms #8442

6.2.12 → 7.0.0 Major PR
Closed 7 months ago 1 comment
craftercms
Bump org.springframework:spring-web from 6.2.12 to 7.0.0 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group

secureCodeBox/secureCodeBox #3372

6.2.12 → 7.0.0 Major PR
Open 7 months ago 2 comments
secureCodeBox
Bump org.springframework:spring-web from 6.2.12 to 7.0.0

UnitVectorY-Labs/jsonschema4springboot #148

6.2.12 → 7.0.0 Major PR
Closed 7 months ago 1 comment
UnitVectorY-Labs
deps: Bump org.springframework:spring-web from 6.1.21 to 7.0.0

arconia-io/arconia-migrations #134

6.1.21 → 7.0.0 Major PR
Open 7 months ago 1 comment
arconia-io
build(deps): Bump org.springframework:spring-web from 6.2.11 to 7.0.0

OpenFeign/feign #3116

6.2.11 → 7.0.0 Major PR
Open 7 months ago 1 comment
OpenFeign
Bump org.springframework:spring-web from 5.3.39 to 6.2.12

adaptris/interlok-cache #750

5.3.39 → 6.2.12 Major PR
Closed 8 months ago 1 comment
adaptris
Bump org.springframework:spring-web from 4.3.0.RELEASE to 6.2.11

abdullahfouad/vulns2 #4

4.3.0.RELEASE → 6.2.11 Major PR
Closed 8 months ago 1 comment
abdullahfouad
Bump org.springframework:spring-web from 5.3.36 to 6.1.21

marcomarasca/Synapse-Repository-Services #36

5.3.36 → 6.1.21 Major PR
Open 8 months ago
marcomarasca
Bump org.springframework:spring-web from 5.2.3.RELEASE to 6.2.11

green-code-initiative/creedengo-php #71

5.2.3.RELEASE → 6.2.11 Major PR
Open 9 months ago
green-code-initiative
Bump the maven group across 0 directory with 2 updates

feder1402/swagger-core #1

3.2.1.RELEASE → 6.1.20 Major PR
Open 9 months ago
feder1402
Bump the maven group across 9 directories with 11 updates

EthanThePhoenix38/cvemapping #1

5.1.9.RELEASE → 6.1.21 Major PR
Open 9 months ago
EthanThePhoenix38
Bump org.springframework:spring-web from 5.3.23 to 6.2.11

FR4TLIZ/OSO-MiniProjektKP #19

5.3.23 → 6.2.11 Major PR
Open 9 months ago
FR4TLIZ
Bump org.springframework:spring-web from 5.3.23 to 6.2.11

ghas-lab-templates/SecurityShepherd #47

5.3.23 → 6.2.11 Major PR
Open 9 months ago
ghas-lab-templates
Bump org.springframework:spring-web from 5.3.39 to 6.2.11

adaptris/interlok-cache #728

5.3.39 → 6.2.11 Major PR
Open 9 months ago
adaptris
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
JSON API: View JSON
Security Advisories

12

Active advisories
CRITICAL 1
HIGH 4
MODERATE 7
View All maven Advisories
Package Information
Description:

Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7
about 1 year ago
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos Top 0.0092% by dependent pkgs
PR Status
Open 408 (43.5%)
Merged 186 (19.8%)
Closed 267 (28.4%)
PR Types
Major 275 (29.3%)
Minor 62 (6.6%)
Patch 524 (55.8%)