Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

org.springframework:spring-web

Ecosystem:
maven
Package URL:
pkg:maven/org.springframework:spring-web
Total PRs:
923 Dependabot PRs
Latest PR:
9 days ago
Unique Repositories:
451 repositories
Unique Repos (30 days):
4 repositories
Security Advisories
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
GHSA-ccgv-vj62-xf9h CVE-2024-22243 HIGH published about 2 years ago • updated 27 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Pivotal Spring Framework contains unsafe Java deserialization methods
GHSA-4wrc-f8pq-fpqp CVE-2016-1000027 CRITICAL published almost 4 years ago • updated 27 days ago
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data...
Spring Framework DoS via conditional HTTP request
GHSA-2rmj-mq67-h97g CVE-2024-38809 MODERATE published over 1 year ago • updated 29 days ago
### Description Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack. ### Affected Spring...
Spring Framework URL Parsing with Host Validation
GHSA-2wrp-6fg6-hmc5 CVE-2024-22262 HIGH published almost 2 years ago • updated 29 days ago
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on th...
Spring Framework URL Parsing with Host Validation Vulnerability
GHSA-hgjh-9rj2-g67j CVE-2024-22259 HIGH published about 2 years ago • updated 29 days ago
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform val...
View all 12 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump the java-minor-patch group across 1 directory with 40 updates

nordic-institute/X-Road #3405

7.0.4 → 7.0.6 Patch PR
Open 9 days ago 3 comments
nordic-institute
chore(deps): bump the production-deps group with 8 updates

MatrixDai/liquibase #25

7.0.5 → 7.0.6 Patch PR
Closed 12 days ago 2 comments
MatrixDai
chore(deps): bump the java-minor-patch group across 1 directory with 49 updates

nordic-institute/X-Road #3385

7.0.1 → 7.0.6 Patch PR
Open 18 days ago 1 comment
nordic-institute
chore(deps): bump the java-minor-patch group across 1 directory with 45 updates

nordic-institute/X-Road #3380

7.0.1 → 7.0.5 Patch PR
Open 21 days ago 2 comments
nordic-institute
Bump the safe-patch-updates group with 20 updates

hhund/dsf #9

6.2.15 → 6.2.16 Patch PR
Closed 23 days ago 1 comment
hhund
chore(deps): bump the java-minor-patch group across 1 directory with 90 updates

nordic-institute/X-Road #3373

7.0.1 → 7.0.5 Patch PR
Closed 25 days ago 2 comments
nordic-institute
Bump org.springframework:spring-web from 7.0.3 to 7.0.5 in /dashgit-updater

javiertuya/dashgit #268

7.0.3 → 7.0.5 Patch PR
Closed about 1 month ago 2 comments
javiertuya
Bump the maven-dependencies group across 1 directory with 20 updates

Blackdread/rest-filter #402

7.0.2 → 7.0.5 Patch PR
Closed about 1 month ago 1 comment
Blackdread
Bump the all-maven-deps group across 3 directories with 46 updates

craftercms/craftercms #8551

7.0.3 → 7.0.4 Patch PR
Closed about 1 month ago 1 comment
craftercms
Bump org.springframework:spring-web from 7.0.3 to 7.0.4

PCGen/pcgen #7512

7.0.3 → 7.0.4 Patch PR
Closed about 2 months ago 2 comments
PCGen
Build(deps): Bump org.springframework:spring-web from 6.2.7 to 6.2.8 in /json-io-spring

jdereg/json-io #430

6.2.7 → 6.2.8 Patch PR
Closed 2 months ago 2 comments
jdereg
Bump the java group across 1 directory with 15 updates

openviglet/dumont #16

7.0.2 → 7.0.3 Patch PR
Closed 2 months ago 1 comment
openviglet
Bump org.springframework:spring-web from 7.0.2 to 7.0.3

avereon/seenc #28

7.0.2 → 7.0.3 Patch PR
Closed 2 months ago 1 comment
avereon
chore(deps): bump the production-deps group with 6 updates

liquibase/liquibase #7524

7.0.2 → 7.0.3 Patch PR
Open 3 months ago 4 comments
liquibase
chore(deps): bump the production-deps group with 6 updates

liquibase/liquibase #7517

7.0.2 → 7.0.3 Patch PR
Closed 3 months ago 3 comments
liquibase
Bump the all-maven-deps group across 3 directories with 86 updates

craftercms/craftercms #8474

7.0.1 → 7.0.2 Patch PR
Open 3 months ago 3 comments
craftercms
Bump the all-maven-deps group across 3 directories with 121 updates

craftercms/craftercms #8464

7.0.1 → 7.0.2 Patch PR
Closed 3 months ago 1 comment
craftercms
Bump the all-maven-deps group across 3 directories with 118 updates

craftercms/craftercms #8460

7.0.1 → 7.0.2 Patch PR
Closed 4 months ago 1 comment
craftercms
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates

secureCodeBox/secureCodeBox #3418

7.0.1 → 7.0.2 Patch PR
Open 4 months ago 4 comments
secureCodeBox
[DT-400-gradle]: Bump the gradle-patch-updates group with 4 updates

DataBiosphere/stairway #208

7.0.1 → 7.0.2 Patch PR
Open 4 months ago 2 comments
DataBiosphere
build(deps): bump the spring group across 1 directory with 13 updates

DSpace/DSpace #11620

6.2.12 → 6.2.13 Patch PR
Closed 4 months ago 1 comment
DSpace
build(deps): bump the spring group with 12 updates

DSpace/DSpace #11583

6.2.12 → 6.2.13 Patch PR
Closed 4 months ago 1 comment
DSpace
Bump the all-maven-deps group across 3 directories with 99 updates

QuocKhanh2002/craftercms #6

6.2.10 → 6.2.12 Patch PR
Closed 5 months ago 1 comment
QuocKhanh2002
chore(deps): bump the low-risk group in /api-tests with 23 updates

Ensono/stacks-java-cqrs #792

6.2.9 → 6.2.12 Patch PR
Closed 5 months ago 1 comment
Ensono
Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 2 updates

secureCodeBox/secureCodeBox #3333

6.2.11 → 6.2.12 Patch PR
Open 5 months ago 2 comments
secureCodeBox
Bump org.springframework:spring-web from 6.2.2 to 6.2.12

dungeon-hub/dungeon-hub-api #42

6.2.2 → 6.2.12 Patch PR
Closed 5 months ago 1 comment
dungeon-hub
Bump org.springframework:spring-web from 6.2.11 to 6.2.12

sullis/microbenchmarks-java #192

6.2.11 → 6.2.12 Patch PR
Merged 6 months ago
sullis
Gradle: Bump org.springframework:spring-web from 6.2.9 to 6.2.12

Cosmo-Tech/cosmotech-api-common #375

6.2.9 → 6.2.12 Patch PR
Open 6 months ago
Cosmo-Tech
Bump org.springframework:spring-web from 6.2.5 to 6.2.12

SparkArmy/SparkArmyBot #228

6.2.5 → 6.2.12 Patch PR
Open 6 months ago
SparkArmy
chore(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java-cqrs #785

6.2.9 → 6.2.11 Patch PR
Closed 6 months ago 1 comment
Ensono
Build(deps-dev): Bump org.springframework:spring-web from 6.2.10 to 6.2.11

apache/struts-examples #503

6.2.10 → 6.2.11 Patch PR
Closed 6 months ago 1 comment
apache
build(deps): Bump org.springframework:spring-web from 6.1.14 to 6.1.21 in /form-spring

OpenFeign/feign #3070

6.1.14 → 6.1.21 Patch PR
Open 6 months ago
OpenFeign
build(deps): bump the low-risk group across 1 directory with 25 updates

Ensono/stacks-java #1526

6.2.9 → 6.2.11 Patch PR
Open 6 months ago
Ensono
Bump org.springframework:spring-web from 6.2.10 to 6.2.11 in /dashgit-updater

javiertuya/dashgit #229

6.2.10 → 6.2.11 Patch PR
Closed 6 months ago 2 comments
javiertuya
Bump the all-minor-patch group with 18 updates

navikt/soknadsmottaker #155

6.2.10 → 6.2.11 Patch PR
Open 6 months ago
navikt
Bump the all-minor-patch group with 53 updates

navikt/tilbakemeldingsmottak-api #288

6.2.9 → 6.2.11 Patch PR
Open 6 months ago
navikt
Bump the spring group with 28 updates

DSpace/DSpace #11391

6.2.10 → 6.2.11 Patch PR
Merged 6 months ago
DSpace
Bump the spring group with 25 updates

DSpace/DSpace #11373

6.2.10 → 6.2.11 Patch PR
Merged 6 months ago
DSpace
Bump the spring group with 28 updates

DSpace/DSpace #11365

6.2.10 → 6.2.11 Patch PR
Open 6 months ago
DSpace
Bump the maven-dependencies group across 1 directory with 27 updates

Blackdread/rest-filter #397

6.2.3 → 6.2.11 Patch PR
Open 6 months ago
Blackdread
Bump the all-minor-patch group with 11 updates

navikt/arkiv-mock #43

6.2.10 → 6.2.11 Patch PR
Open 6 months ago
navikt
Bump the all-maven-deps group across 3 directories with 87 updates

QuocKhanh2002/craftercms #2

6.2.10 → 6.2.11 Patch PR
Open 6 months ago
QuocKhanh2002
chore(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java-cqrs #777

6.2.9 → 6.2.11 Patch PR
Open 6 months ago 1 comment
Ensono
build(deps): bump the low-risk group across 1 directory with 23 updates

Ensono/stacks-java #1524

6.2.9 → 6.2.11 Patch PR
Open 6 months ago 1 comment
Ensono
Bump the gradle-version-updates group across 1 directory with 9 updates

secureCodeBox/secureCodeBox #3299

6.2.10 → 6.2.11 Patch PR
Open 6 months ago 3 comments
secureCodeBox
Bump the maven-security-patches group across 1 directory with 6 updates

FME-MS/fme-api #12

6.2.6 → 6.2.11 Patch PR
Open 6 months ago
FME-MS
Bump the all-maven-deps group across 3 directories with 78 updates

QuocKhanh2002/craftercms #1

6.2.10 → 6.2.11 Patch PR
Open 6 months ago
QuocKhanh2002
chore(deps): bump the low-risk group across 1 directory with 21 updates

Ensono/stacks-java-cqrs #774

6.2.9 → 6.2.11 Patch PR
Open 6 months ago 1 comment
Ensono
Bump the maven-security-patches group across 1 directory with 5 updates

FME-MS/fme-api #11

6.2.6 → 6.2.11 Patch PR
Closed 6 months ago 1 comment
FME-MS
build(deps): bump the low-risk group across 1 directory with 22 updates

Ensono/stacks-java #1523

6.2.9 → 6.2.11 Patch PR
Open 6 months ago 1 comment
Ensono
Package Details
Name: org.springframework:spring-web
Ecosystem: maven
PURL Type: maven
Package URL: pkg:maven/org.springframework:spring-web
JSON API: View JSON
Security Advisories

12

Active advisories
CRITICAL 1
HIGH 4
MODERATE 7
View All maven Advisories
Package Information
Description:

Spring Web

Repository: https://github.com/spring-projects/spring-framework
Homepage: https://github.com/spring-projects/spring-framework
Latest Release: 6.2.7
11 months ago
Dependent Repos: 153,377
Dependent Packages: 6,673
Ranking: Top 0.0054% by dependent repos Top 0.0092% by dependent pkgs
PR Status
Open 406 (44.0%)
Merged 186 (20.2%)
Closed 253 (27.4%)
PR Types
Major 267 (28.9%)
Patch 516 (55.9%)
Minor 62 (6.7%)