{"package":"org.springframework:spring-messaging","ecosystem":"maven","latest_version":"7.0.0-M6","description":"Spring Messaging","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/spring-projects/spring-framework","repository":"https://github.com/spring-projects/spring-framework","downloads_weekly":null,"health":{"score":38,"risk":"critical","breakdown":{"maintenance":10,"popularity":0,"security":3,"maturity":15,"community":10},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":2,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2018-1275","severity":"critical","summary":"Spring Framework has Improperly Implemented Security Check for Standard","affected_versions":"<4.3.16.RELEASE|>=5.0.0.RELEASE,<5.0.5.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.2.RELEASE|=4.3.3.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.2.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE","fixed_version":"5.0.5.RELEASE","source":"osv","published_at":"2018-10-17T20:28:00Z","in_kev":false,"epss_prob":0.38064,"epss_percentile":0.97232,"threat_tier":"theoretical"},{"vuln_id":"CVE-2018-1270","severity":"critical","summary":"Spring Framework allows applications to expose STOMP over WebSocket endpoints","affected_versions":">=5.0.0.RELEASE,<5.0.5.RELEASE|<4.3.16.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.2.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.2.RELEASE|=4.3.3.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE","fixed_version":"4.3.16.RELEASE","source":"osv","published_at":"2018-10-17T20:05:59Z","in_kev":false,"epss_prob":0.89954,"epss_percentile":0.99582,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2022-22971","severity":"medium","summary":"Allocation of Resources Without Limits or Throttling in Spring Framework","affected_versions":">=5.3.0,<5.3.20|<5.2.22.RELEASE|=5.3.0|=5.3.1|=5.3.10|=5.3.11|=5.3.12|=5.3.13|=5.3.14|=5.3.15|=5.3.16|=5.3.17|=5.3.18|=5.3.19|=5.3.2|=5.3.3|=5.3.4|=5.3.5|=5.3.6|=5.3.7|=5.3.8|=5.3.9|=4.0.0.RELEASE|=4.0.1.RELEASE|=4.0.2.RELEASE|=4.0.3.RELEASE|=4.0.4.RELEASE|=4.0.5.RELEASE|=4.0.6.RELEASE|=4.0.7.RELEASE|=4.0.8.RELEASE|=4.0.9.RELEASE|=4.1.0.RELEASE|=4.1.1.RELEASE|=4.1.2.RELEASE|=4.1.3.RELEASE|=4.1.4.RELEASE|=4.1.5.RELEASE|=4.1.6.RELEASE|=4.1.7.RELEASE|=4.1.8.RELEASE|=4.1.9.RELEASE|=4.2.0.RELEASE|=4.2.1.RELEASE|=4.2.2.RELEASE|=4.2.3.RELEASE|=4.2.4.RELEASE|=4.2.5.RELEASE|=4.2.6.RELEASE|=4.2.7.RELEASE|=4.2.8.RELEASE|=4.2.9.RELEASE|=4.3.0.RELEASE|=4.3.1.RELEASE|=4.3.10.RELEASE|=4.3.11.RELEASE|=4.3.12.RELEASE|=4.3.13.RELEASE|=4.3.14.RELEASE|=4.3.15.RELEASE|=4.3.16.RELEASE|=4.3.17.RELEASE|=4.3.18.RELEASE|=4.3.19.RELEASE|=4.3.2.RELEASE|=4.3.20.RELEASE|=4.3.21.RELEASE|=4.3.22.RELEASE|=4.3.23.RELEASE|=4.3.24.RELEASE|=4.3.25.RELEASE|=4.3.26.RELEASE|=4.3.27.RELEASE|=4.3.28.RELEASE|=4.3.29.RELEASE|=4.3.3.RELEASE|=4.3.30.RELEASE|=4.3.4.RELEASE|=4.3.5.RELEASE|=4.3.6.RELEASE|=4.3.7.RELEASE|=4.3.8.RELEASE|=4.3.9.RELEASE|=5.0.0.RELEASE|=5.0.1.RELEASE|=5.0.10.RELEASE|=5.0.11.RELEASE|=5.0.12.RELEASE|=5.0.13.RELEASE|=5.0.14.RELEASE|=5.0.15.RELEASE|=5.0.16.RELEASE|=5.0.17.RELEASE|=5.0.18.RELEASE|=5.0.19.RELEASE|=5.0.2.RELEASE|=5.0.20.RELEASE|=5.0.3.RELEASE|=5.0.4.RELEASE|=5.0.5.RELEASE|=5.0.6.RELEASE|=5.0.7.RELEASE|=5.0.8.RELEASE|=5.0.9.RELEASE|=5.1.0.RELEASE|=5.1.1.RELEASE|=5.1.10.RELEASE|=5.1.11.RELEASE|=5.1.12.RELEASE|=5.1.13.RELEASE|=5.1.14.RELEASE|=5.1.15.RELEASE|=5.1.16.RELEASE|=5.1.17.RELEASE|=5.1.18.RELEASE|=5.1.19.RELEASE|=5.1.2.RELEASE|=5.1.20.RELEASE|=5.1.3.RELEASE|=5.1.4.RELEASE|=5.1.5.RELEASE|=5.1.6.RELEASE|=5.1.7.RELEASE|=5.1.8.RELEASE|=5.1.9.RELEASE|=5.2.0.RELEASE|=5.2.1.RELEASE|=5.2.10.RELEASE|=5.2.11.RELEASE|=5.2.12.RELEASE|=5.2.13.RELEASE|=5.2.14.RELEASE|=5.2.15.RELEASE|=5.2.16.RELEASE|=5.2.17.RELEASE|=5.2.18.RELEASE|=5.2.19.RELEASE|=5.2.2.RELEASE|=5.2.20.RELEASE|=5.2.21.RELEASE|=5.2.3.RELEASE|=5.2.4.RELEASE|=5.2.5.RELEASE|=5.2.6.RELEASE|=5.2.7.RELEASE|=5.2.8.RELEASE|=5.2.9.RELEASE","fixed_version":"5.2.22.RELEASE","source":"osv","published_at":"2022-05-13T00:00:29Z","in_kev":false,"epss_prob":0.00338,"epss_percentile":0.56564,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"7.0.0-M6","total_count":230,"recent":["7.0.0-M6","6.2.8","6.1.21","7.0.0-M5","6.2.7","6.1.20","7.0.0-M4","6.2.6","6.1.19","6.2.5","7.0.0-M3","6.2.4","6.1.18","7.0.0-M2","6.2.3","6.1.17","7.0.0-M1","6.2.2","6.2.1","6.1.16"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-06-12T10:14:14+00:00","dependencies_count":0,"dependencies":[]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["Low health score (38/100)","2 critical vulnerabilities"],"use_version":"7.0.0-M6","version_hint":"Update to >= 5.2.22.RELEASE to fix known vulnerabilities","summary":"org.springframework:spring-messaging has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1148,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":16,"active_contributors_12m":16,"primary_author_ratio":0.6,"owner_account_age_days":5775,"is_archived":false,"stars":59858,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":5.7,"tier":"moderate"},"quality":{"available":false}}