{"package":"org.springframework.boot:spring-boot-starter-actuator","ecosystem":"maven","latest_version":"3.5.3","description":"Starter for using Spring Boot's Actuator which provides production ready features to help you monitor and manage your application","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"","repository":"https://github.com/spring-projects/spring-boot","downloads_weekly":740750,"health":{"score":51,"risk":"high","breakdown":{"maintenance":10,"popularity":14,"security":15,"maturity":12,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":2,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2026-22731","severity":"high","summary":"Spring Boot has an Authentication Bypass under Actuator Health groups paths","affected_versions":">=3.4.0,<=3.4.13|>=3.5.0,<3.5.12|>=4.0.0-M1,<4.0.4|=3.4.0|=3.4.1|=3.4.10|=3.4.11|=3.4.12|=3.4.13|=3.4.2|=3.4.3|=3.4.4|=3.4.5|=3.4.6|=3.4.7|=3.4.8|=3.4.9|=3.5.0|=3.5.1|=3.5.10|=3.5.11|=3.5.2|=3.5.3|=3.5.4|=3.5.5|=3.5.6|=3.5.7|=3.5.8|=3.5.9|=4.0.0|=4.0.0-M1|=4.0.0-M2|=4.0.0-M3|=4.0.0-RC1|=4.0.0-RC2|=4.0.1|=4.0.2|=4.0.3","fixed_version":"4.0.4","source":"osv","published_at":"2026-03-20T00:31:28Z","in_kev":false,"epss_prob":0.00027,"epss_percentile":0.07589,"threat_tier":"theoretical"},{"vuln_id":"CVE-2026-22733","severity":"high","summary":"Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints","affected_versions":">=4.0.0-M1,<4.0.4|>=3.5.0,<3.5.12|>=3.4.0,<=3.4.13|>=3.0.0,<=3.3.13|<=2.7.18|=4.0.0|=4.0.0-M1|=4.0.0-M2|=4.0.0-M3|=4.0.0-RC1|=4.0.0-RC2|=4.0.1|=4.0.2|=4.0.3|=3.5.0|=3.5.1|=3.5.10|=3.5.11|=3.5.2|=3.5.3|=3.5.4|=3.5.5|=3.5.6|=3.5.7|=3.5.8|=3.5.9|=3.4.0|=3.4.1|=3.4.10|=3.4.11|=3.4.12|=3.4.13|=3.4.2|=3.4.3|=3.4.4|=3.4.5|=3.4.6|=3.4.7|=3.4.8|=3.4.9|=3.0.0|=3.0.1|=3.0.10|=3.0.11|=3.0.12|=3.0.13|=3.0.2|=3.0.3|=3.0.4|=3.0.5|=3.0.6|=3.0.7|=3.0.8|=3.0.9|=3.1.0|=3.1.1|=3.1.10|=3.1.11|=3.1.12|=3.1.2|=3.1.3|=3.1.4|=3.1.5|=3.1.6|=3.1.7|=3.1.8|=3.1.9|=3.2.0|=3.2.1|=3.2.10|=3.2.11|=3.2.12|=3.2.2|=3.2.3|=3.2.4|=3.2.5|=3.2.6|=3.2.7|=3.2.8|=3.2.9|=3.3.0|=3.3.1|=3.3.10|=3.3.11|=3.3.12|=3.3.13|=3.3.2|=3.3.3|=3.3.4|=3.3.5|=3.3.6|=3.3.7|=3.3.8|=3.3.9|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.10.RELEASE|=1.1.11.RELEASE|=1.1.12.RELEASE|=1.1.2.RELEASE|=1.1.3.RELEASE|=1.1.4.RELEASE|=1.1.5.RELEASE|=1.1.6.RELEASE|=1.1.7.RELEASE|=1.1.8.RELEASE|=1.1.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.2.2.RELEASE|=1.2.3.RELEASE|=1.2.4.RELEASE|=1.2.5.RELEASE|=1.2.6.RELEASE|=1.2.7.RELEASE|=1.2.8.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.3.6.RELEASE|=1.3.7.RELEASE|=1.3.8.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.4.6.RELEASE|=1.4.7.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.10.RELEASE|=1.5.11.RELEASE|=1.5.12.RELEASE|=1.5.13.RELEASE|=1.5.14.RELEASE|=1.5.15.RELEASE|=1.5.16.RELEASE|=1.5.17.RELEASE|=1.5.18.RELEASE|=1.5.19.RELEASE|=1.5.2.RELEASE|=1.5.20.RELEASE|=1.5.21.RELEASE|=1.5.22.RELEASE|=1.5.3.RELEASE|=1.5.4.RELEASE|=1.5.5.RELEASE|=1.5.6.RELEASE|=1.5.7.RELEASE|=1.5.8.RELEASE|=1.5.9.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.10.RELEASE|=2.1.11.RELEASE|=2.1.12.RELEASE|=2.1.13.RELEASE|=2.1.14.RELEASE|=2.1.15.RELEASE|=2.1.16.RELEASE|=2.1.17.RELEASE|=2.1.18.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.1.8.RELEASE|=2.1.9.RELEASE|=2.2.0.RELEASE|=2.2.1.RELEASE|=2.2.10.RELEASE|=2.2.11.RELEASE|=2.2.12.RELEASE|=2.2.13.RELEASE|=2.2.2.RELEASE|=2.2.3.RELEASE|=2.2.4.RELEASE|=2.2.5.RELEASE|=2.2.6.RELEASE|=2.2.7.RELEASE|=2.2.8.RELEASE|=2.2.9.RELEASE|=2.3.0.RELEASE|=2.3.1.RELEASE|=2.3.10.RELEASE|=2.3.11.RELEASE|=2.3.12.RELEASE|=2.3.2.RELEASE|=2.3.3.RELEASE|=2.3.4.RELEASE|=2.3.5.RELEASE|=2.3.6.RELEASE|=2.3.7.RELEASE|=2.3.8.RELEASE|=2.3.9.RELEASE|=2.4.0|=2.4.1|=2.4.10|=2.4.11|=2.4.12|=2.4.13|=2.4.2|=2.4.3|=2.4.4|=2.4.5|=2.4.6|=2.4.7|=2.4.8|=2.4.9|=2.5.0|=2.5.1|=2.5.10|=2.5.11|=2.5.12|=2.5.13|=2.5.14|=2.5.15|=2.5.2|=2.5.3|=2.5.4|=2.5.5|=2.5.6|=2.5.7|=2.5.8|=2.5.9|=2.6.0|=2.6.1|=2.6.10|=2.6.11|=2.6.12|=2.6.13|=2.6.14|=2.6.15|=2.6.2|=2.6.3|=2.6.4|=2.6.5|=2.6.6|=2.6.7|=2.6.8|=2.6.9|=2.7.0|=2.7.1|=2.7.10|=2.7.11|=2.7.12|=2.7.13|=2.7.14|=2.7.15|=2.7.16|=2.7.17|=2.7.18|=2.7.2|=2.7.3|=2.7.4|=2.7.5|=2.7.6|=2.7.7|=2.7.8|=2.7.9","fixed_version":"3.5.12","source":"osv","published_at":"2026-03-20T00:31:28Z","in_kev":false,"epss_prob":0.00027,"epss_percentile":0.07589,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"3.5.3","total_count":0,"recent":[]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":"2018-01-31T01:10:04+00:00","last_published":"2025-06-20T05:27:40+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["2 high severity vulnerabilities"],"use_version":"3.5.3","version_hint":"Update to >= 3.5.12 to fix known vulnerabilities","summary":"@3.5.3 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":5140,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":7,"active_contributors_12m":7,"primary_author_ratio":0.77,"owner_account_age_days":5775,"is_archived":false,"stars":80463,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"System.Net.Security","occurrences":1},{"package":"@protobufjs/inquire","occurrences":1}],"version_history_summary":{"total_versions":20,"first_release_age_days":3012,"last_release_days_ago":315,"avg_days_between_releases":159,"release_velocity":"moderate"}}