{"package":"org.springframework:spring-oxm","ecosystem":"maven","latest_version":"7.0.0-M6","description":"Spring Object/XML Marshalling","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/spring-projects/spring-framework","repository":"https://github.com/spring-projects/spring-framework","downloads_weekly":null,"health":{"score":46,"risk":"high","breakdown":{"maintenance":10,"popularity":0,"security":21,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":0,"medium":2,"low":0,"details":[{"vuln_id":"CVE-2013-4152","severity":"medium","summary":"Cross-Site Request Forgery in Spring Framework","affected_versions":"<3.2.4.RELEASE|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE","fixed_version":"3.2.4.RELEASE","source":"osv","published_at":"2022-05-13T01:02:38Z","in_kev":false,"epss_prob":0.72323,"epss_percentile":0.98769,"threat_tier":"likely_exploited"},{"vuln_id":"CVE-2013-7315","severity":"medium","summary":"Missing XML Validation in Spring Framework","affected_versions":"<3.2.4.RELEASE|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.1.0.RELEASE|=3.1.1.RELEASE|=3.1.2.RELEASE|=3.1.3.RELEASE|=3.1.4.RELEASE|=3.2.0.RELEASE|=3.2.1.RELEASE|=3.2.2.RELEASE|=3.2.3.RELEASE","fixed_version":"3.2.4.RELEASE","source":"osv","published_at":"2022-05-13T01:02:38Z","in_kev":false,"epss_prob":0.00243,"epss_percentile":0.47559,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"7.0.0-M6","total_count":262,"recent":["7.0.0-M6","6.2.8","6.1.21","7.0.0-M5","6.2.7","6.1.20","7.0.0-M4","6.2.6","6.1.19","6.2.5","7.0.0-M3","6.2.4","6.1.18","7.0.0-M2","6.2.3","6.1.17","7.0.0-M1","6.2.2","6.2.1","6.1.16"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-06-12T10:14:12+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"7.0.0-M6","version_hint":"Update to >= 3.2.4.RELEASE to fix known vulnerabilities","summary":"org.springframework:spring-oxm@7.0.0-M6 is safe to use (health: 46/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":742,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":16,"active_contributors_12m":16,"primary_author_ratio":0.6,"owner_account_age_days":5775,"is_archived":false,"stars":59858,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":5.7,"tier":"moderate"},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":3510,"last_release_days_ago":322,"avg_days_between_releases":185,"release_velocity":"moderate"}}