{"package":"org.springframework.data:spring-data-mongodb","ecosystem":"maven","latest_version":"5.0.0-M3","description":"MongoDB support for Spring Data","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://spring.io/projects/spring-data-mongodb","repository":"https://github.com/spring-projects/spring-data-mongodb","downloads_weekly":0,"health":{"score":40,"risk":"high","breakdown":{"maintenance":10,"popularity":0,"security":15,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":1,"high":0,"medium":0,"low":0,"details":[{"vuln_id":"CVE-2022-22980","severity":"critical","summary":"SpEL Injection in Spring Data MongoDB","affected_versions":">=3.4.0,<3.4.1|<3.3.5|=3.4.0|=1.0.0.RELEASE|=1.0.1.RELEASE|=1.0.2.RELEASE|=1.0.3.RELEASE|=1.0.4.RELEASE|=1.1.0.RELEASE|=1.1.1.RELEASE|=1.1.2.RELEASE|=1.10.0.RELEASE|=1.10.1.RELEASE|=1.10.10.RELEASE|=1.10.11.RELEASE|=1.10.12.RELEASE|=1.10.13.RELEASE|=1.10.14.RELEASE|=1.10.15.RELEASE|=1.10.16.RELEASE|=1.10.17.RELEASE|=1.10.18.RELEASE|=1.10.2.RELEASE|=1.10.20.RELEASE|=1.10.21.RELEASE|=1.10.22.RELEASE|=1.10.23.RELEASE|=1.10.3.RELEASE|=1.10.4.RELEASE|=1.10.5.RELEASE|=1.10.6.RELEASE|=1.10.7.RELEASE|=1.10.8.RELEASE|=1.10.9.RELEASE|=1.2.0.RELEASE|=1.2.1.RELEASE|=1.2.2.RELEASE|=1.2.3.RELEASE|=1.2.4.RELEASE|=1.3.0.RELEASE|=1.3.1.RELEASE|=1.3.2.RELEASE|=1.3.3.RELEASE|=1.3.4.RELEASE|=1.3.5.RELEASE|=1.4.0.RELEASE|=1.4.1.RELEASE|=1.4.2.RELEASE|=1.4.3.RELEASE|=1.5.0.RELEASE|=1.5.1.RELEASE|=1.5.2.RELEASE|=1.5.4.RELEASE|=1.5.5.RELEASE|=1.5.6.RELEASE|=1.6.0.RELEASE|=1.6.1.RELEASE|=1.6.2.RELEASE|=1.6.3.RELEASE|=1.6.4.RELEASE|=1.7.0.RELEASE|=1.7.1.RELEASE|=1.7.2.RELEASE|=1.8.0.RELEASE|=1.8.1.RELEASE|=1.8.2.RELEASE|=1.8.4.RELEASE|=1.8.5.RELEASE|=1.8.6.RELEASE|=1.9.0.RELEASE|=1.9.1.RELEASE|=1.9.10.RELEASE|=1.9.11.RELEASE|=1.9.2.RELEASE|=1.9.3.RELEASE|=1.9.4.RELEASE|=1.9.5.RELEASE|=1.9.6.RELEASE|=1.9.7.RELEASE|=1.9.8.RELEASE|=1.9.9.RELEASE|=2.0.0.RELEASE|=2.0.1.RELEASE|=2.0.10.RELEASE|=2.0.11.RELEASE|=2.0.12.RELEASE|=2.0.13.RELEASE|=2.0.14.RELEASE|=2.0.2.RELEASE|=2.0.3.RELEASE|=2.0.4.RELEASE|=2.0.5.RELEASE|=2.0.6.RELEASE|=2.0.7.RELEASE|=2.0.8.RELEASE|=2.0.9.RELEASE|=2.1.0.RELEASE|=2.1.1.RELEASE|=2.1.10.RELEASE|=2.1.11.RELEASE|=2.1.12.RELEASE|=2.1.13.RELEASE|=2.1.14.RELEASE|=2.1.15.RELEASE|=2.1.16.RELEASE|=2.1.17.RELEASE|=2.1.18.RELEASE|=2.1.19.RELEASE|=2.1.2.RELEASE|=2.1.20.RELEASE|=2.1.21.RELEASE|=2.1.3.RELEASE|=2.1.4.RELEASE|=2.1.5.RELEASE|=2.1.6.RELEASE|=2.1.7.RELEASE|=2.1.8.RELEASE|=2.1.9.RELEASE|=2.2.0.RELEASE|=2.2.1.RELEASE|=2.2.10.RELEASE|=2.2.11.RELEASE|=2.2.12.RELEASE|=2.2.13.RELEASE|=2.2.2.RELEASE|=2.2.3.RELEASE|=2.2.4.RELEASE|=2.2.5.RELEASE|=2.2.6.RELEASE|=2.2.7.RELEASE|=2.2.8.RELEASE|=2.2.9.RELEASE|=3.0.0.RELEASE|=3.0.1.RELEASE|=3.0.2.RELEASE|=3.0.3.RELEASE|=3.0.4.RELEASE|=3.0.5.RELEASE|=3.0.6.RELEASE|=3.0.7.RELEASE|=3.0.8.RELEASE|=3.0.9.RELEASE|=3.1.0|=3.1.1|=3.1.10|=3.1.11|=3.1.12|=3.1.13|=3.1.14|=3.1.15|=3.1.2|=3.1.3|=3.1.4|=3.1.5|=3.1.6|=3.1.7|=3.1.8|=3.1.9|=3.2.0|=3.2.1|=3.2.10|=3.2.11|=3.2.12|=3.2.2|=3.2.3|=3.2.4|=3.2.5|=3.2.6|=3.2.7|=3.2.8|=3.2.9|=3.3.0|=3.3.1|=3.3.2|=3.3.3|=3.3.4","fixed_version":"3.3.5","source":"osv","published_at":"2022-06-24T00:00:30Z","in_kev":false,"epss_prob":0.83196,"epss_percentile":0.99272,"threat_tier":"likely_exploited"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"5.0.0-M3","total_count":264,"recent":["4.5.1","4.4.7","4.3.13","5.0.0-M3","4.5.0","4.4.6","4.3.12","5.0.0-M2","4.4.5","4.3.11","4.4.4","4.3.10","4.4.3","4.3.9","5.0.0-M1","4.4.2","4.3.8","4.3.7","4.4.1","4.4.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2025-05-16T12:33:54+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"do_not_use","issues":["1 critical vulnerabilities"],"use_version":"5.0.0-M3","version_hint":"Update to >= 3.3.5 to fix known vulnerabilities","summary":"org.springframework.data:spring-data-mongodb has critical vulnerabilities — do not use"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1712,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":1,"active_contributors_12m":0,"primary_author_ratio":0.0,"owner_account_age_days":5776,"is_archived":false,"stars":1677,"alerts":["single_active_maintainer_3m"]},"malicious":{"is_malicious":false},"scorecard":{"available":true,"score":6.1,"tier":"moderate"},"quality":{"available":false},"co_used_with":[{"package":"Google.Apis","occurrences":2}],"version_history_summary":{"total_versions":20,"first_release_age_days":3124,"last_release_days_ago":350,"avg_days_between_releases":164,"release_velocity":"moderate"}}