{"package":"org.springframework.boot:spring-boot","ecosystem":"maven","latest_version":"3.5.3","description":"Spring Boot","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://spring.io/projects/spring-boot","repository":"https://github.com/spring-projects/spring-boot","downloads_weekly":null,"health":{"score":45,"risk":"high","breakdown":{"maintenance":10,"popularity":0,"security":20,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":1,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2022-27772","severity":"high","summary":"Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot","affected_versions":"<2.2.11.RELEASE|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.10.RELEASE|=1.1.11.RELEASE|=1.1.12.RELEASE|=1.1.2.RELEASE|=1.1.3.RELEASE|=1.1.4.RELEASE|=1.1.5.RELEASE|=1.1.6.RELEASE|=1.1.7.RELEASE|=1.1.8.RELEASE|=1.1.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.2.2.RELEASE|=1.2.3.RELEASE|=1.2.4.RELEASE|=1.2.5.RELEASE|=1.2.6.RELEASE|=1.2.7.RELEASE|=1.2.8.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.3.6.RELEASE|=1.3.7.RELEASE|=1.3.8.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.4.6.RELEASE|=1.4.7.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.10.RELEASE|=1.5.11.RELEASE|=1.5.12.RELEASE|=1.5.13.RELEASE|=1.5.14.RELEASE|=1.5.15.RELEASE|=1.5.16.RELEASE|=1.5.17.RELEASE|=1.5.18.RELEASE|=1.5.19.RELEASE|=1.5.2.RELEASE|=1.5.20.RELEASE|=1.5.21.RELEASE|=1.5.22.RELEASE|=1.5.3.RELEASE|=1.5.4.RELEASE|=1.5.5.RELEASE|=1.5.6.RELEASE|=1.5.7.RELEASE|=1.5.8.RELEASE|=1.5.9.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.10.RELEASE|=2.1.11.RELEASE|=2.1.12.RELEASE|=2.1.13.RELEASE|=2.1.14.RELEASE|=2.1.15.RELEASE|=2.1.16.RELEASE|=2.1.17.RELEASE|=2.1.18.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.1.8.RELEASE|=2.1.9.RELEASE|=2.2.0.RELEASE|=2.2.1.RELEASE|=2.2.10.RELEASE|=2.2.2.RELEASE|=2.2.3.RELEASE|=2.2.4.RELEASE|=2.2.5.RELEASE|=2.2.6.RELEASE|=2.2.7.RELEASE|=2.2.8.RELEASE|=2.2.9.RELEASE","fixed_version":"2.2.11.RELEASE","source":"osv","published_at":"2022-07-11T20:59:02Z","in_kev":false,"epss_prob":0.00442,"epss_percentile":0.63333,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.5.3","total_count":252,"recent":["3.5.3","3.5.2","3.5.1","3.4.7","3.3.13","3.5.0","3.4.6","3.3.12","3.4.5","3.3.11","3.4.4","3.3.10","3.4.3","3.3.9","3.4.2","3.3.8","3.4.1","3.3.7","3.4.0","3.3.6"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-06-20T05:28:23+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"3.5.3","version_hint":"Update to >= 2.2.11.RELEASE to fix known vulnerabilities","summary":"org.springframework.boot:spring-boot@3.5.3 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":927,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":5776,"is_archived":false,"stars":80475,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"org.springframework.cloud:spring-cloud-kubernetes-fabric8-autoconfig","occurrences":1}],"version_history_summary":{"total_versions":20,"first_release_age_days":3012,"last_release_days_ago":314,"avg_days_between_releases":159,"release_velocity":"moderate"}}