{"package":"org.springframework.data:spring-data-jpa","ecosystem":"maven","latest_version":"4.0.0-M3","description":"Spring Data module for JPA repositories.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://projects.spring.io/spring-data-jpa","repository":"https://github.com/spring-projects/spring-data-jpa","downloads_weekly":null,"health":{"score":50,"risk":"high","breakdown":{"maintenance":10,"popularity":0,"security":19,"maturity":15,"community":6},"deprecated":false,"max_score":100},"vulnerabilities":{"count":3,"critical":0,"high":0,"medium":3,"low":0,"details":[{"vuln_id":"CVE-2019-3797","severity":"medium","summary":"Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA","affected_versions":"<1.11.20|>=2.0.0,<2.0.14|>=2.1.0,<2.1.6|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.0.3.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.2.RELEASE|=1.10.0.RELEASE|=1.10.1.RELEASE|=1.10.10.RELEASE|=1.10.11.RELEASE|=1.10.2.RELEASE|=1.10.3.RELEASE|=1.10.4.RELEASE|=1.10.5.RELEASE|=1.10.6.RELEASE|=1.10.7.RELEASE|=1.10.8.RELEASE|=1.10.9.RELEASE|=1.11.0.RELEASE|=1.11.1.RELEASE|=1.11.10.RELEASE|=1.11.11.RELEASE|=1.11.12.RELEASE|=1.11.13.RELEASE|=1.11.14.RELEASE|=1.11.15.RELEASE|=1.11.16.RELEASE|=1.11.17.RELEASE|=1.11.18.RELEASE|=1.11.2.RELEASE|=1.11.3.RELEASE|=1.11.4.RELEASE|=1.11.5.RELEASE|=1.11.6.RELEASE|=1.11.7.RELEASE|=1.11.8.RELEASE|=1.11.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.2.RELEASE|=1.5.3.RELEASE|=1.6.0.RELEASE|=1.6.1.RELEASE|=1.6.2.RELEASE|=1.6.4.RELEASE|=1.6.5.RELEASE|=1.6.6.RELEASE|=1.7.0.RELEASE|=1.7.1.RELEASE|=1.7.2.RELEASE|=1.7.3.RELEASE|=1.7.4.RELEASE|=1.8.0.RC1|=1.8.0.RELEASE|=1.8.1.RELEASE|=1.8.2.RELEASE|=1.9.0.RELEASE|=1.9.1.RELEASE|=1.9.2.RELEASE|=1.9.4.RELEASE|=1.9.5.RELEASE|=1.9.6.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.10.RELEASE|=2.0.11.RELEASE|=2.0.12.RELEASE|=2.0.13.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE","fixed_version":"2.1.6","source":"osv","published_at":"2019-05-14T04:02:35Z","in_kev":false,"epss_prob":0.00246,"epss_percentile":0.47814,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-3802","severity":"medium","summary":"Improper Neutralization of Wildcards or Matching Symbols","affected_versions":">=2.1.0,<2.1.8|>=2.0.0,<2.1.8|<1.11.22|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.10.RELEASE|=2.0.11.RELEASE|=2.0.12.RELEASE|=2.0.13.RELEASE|=2.0.14.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.2.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.0.3.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.2.RELEASE|=1.10.0.RELEASE|=1.10.1.RELEASE|=1.10.10.RELEASE|=1.10.11.RELEASE|=1.10.2.RELEASE|=1.10.3.RELEASE|=1.10.4.RELEASE|=1.10.5.RELEASE|=1.10.6.RELEASE|=1.10.7.RELEASE|=1.10.8.RELEASE|=1.10.9.RELEASE|=1.11.0.RELEASE|=1.11.1.RELEASE|=1.11.10.RELEASE|=1.11.11.RELEASE|=1.11.12.RELEASE|=1.11.13.RELEASE|=1.11.14.RELEASE|=1.11.15.RELEASE|=1.11.16.RELEASE|=1.11.17.RELEASE|=1.11.18.RELEASE|=1.11.2.RELEASE|=1.11.20.RELEASE|=1.11.21.RELEASE|=1.11.3.RELEASE|=1.11.4.RELEASE|=1.11.5.RELEASE|=1.11.6.RELEASE|=1.11.7.RELEASE|=1.11.8.RELEASE|=1.11.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.2.RELEASE|=1.5.3.RELEASE|=1.6.0.RELEASE|=1.6.1.RELEASE|=1.6.2.RELEASE|=1.6.4.RELEASE|=1.6.5.RELEASE|=1.6.6.RELEASE|=1.7.0.RELEASE|=1.7.1.RELEASE|=1.7.2.RELEASE|=1.7.3.RELEASE|=1.7.4.RELEASE|=1.8.0.RC1|=1.8.0.RELEASE|=1.8.1.RELEASE|=1.8.2.RELEASE|=1.9.0.RELEASE|=1.9.1.RELEASE|=1.9.2.RELEASE|=1.9.4.RELEASE|=1.9.5.RELEASE|=1.9.6.RELEASE","fixed_version":"1.11.22","source":"osv","published_at":"2019-06-04T15:42:15Z","in_kev":false,"epss_prob":0.00243,"epss_percentile":0.4753,"threat_tier":"theoretical"},{"vuln_id":"CVE-2016-6652","severity":"medium","summary":"Improper Neutralization of Special Elements used in an SQL Command  Pivotal Spring Data JPA","affected_versions":"<1.9.6|>=1.10.0,<1.10.4|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.0.3.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.2.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.4.4.RELEASE|=1.4.5.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.2.RELEASE|=1.5.3.RELEASE|=1.6.0.RELEASE|=1.6.1.RELEASE|=1.6.2.RELEASE|=1.6.4.RELEASE|=1.6.5.RELEASE|=1.6.6.RELEASE|=1.7.0.RELEASE|=1.7.1.RELEASE|=1.7.2.RELEASE|=1.7.3.RELEASE|=1.7.4.RELEASE|=1.8.0.RC1|=1.8.0.RELEASE|=1.8.1.RELEASE|=1.8.2.RELEASE|=1.9.0.RELEASE|=1.9.1.RELEASE|=1.9.2.RELEASE|=1.9.4.RELEASE|=1.9.5.RELEASE|=1.10.0.RELEASE|=1.10.1.RELEASE|=1.10.2.RELEASE|=1.10.3.RELEASE","fixed_version":"1.10.4","source":"osv","published_at":"2022-05-17T02:37:09Z","in_kev":false,"epss_prob":0.00317,"epss_percentile":0.5474,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"4.0.0-M3","total_count":267,"recent":["3.5.1","3.4.7","3.3.13","4.0.0-M3","3.5.0","3.4.6","3.3.12","4.0.0-M2","3.4.5","3.3.11","3.4.4","3.3.10","3.4.3","3.3.9","4.0.0-M1","3.4.2","3.3.8","3.3.7","3.4.1","3.4.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-05-16T12:33:29+00:00","dependencies_count":0,"dependencies":[]},"github_stats":{"stars":3252,"forks":1555,"open_issues":106,"is_archived":false,"pushed_at":"2026-04-17T15:14:34Z","subscribers_count":193},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.0.0-M3","version_hint":"Update to >= 1.10.4 to fix known vulnerabilities","summary":"org.springframework.data:spring-data-jpa@4.0.0-M3 is safe to use (health: 50/100)"},"version_scoped":null,"requested_version":null,"_cache":"hit","_response_ms":0,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"@cropper/element-crosshair","occurrences":3}],"version_history_summary":{"total_versions":20,"first_release_age_days":3121,"last_release_days_ago":347,"avg_days_between_releases":164,"release_velocity":"moderate"}}