Is org.springframework:spring-expression safe to use?

org.springframework:spring-expression has 4 known vulnerabilities on the latest version (7.0.0-M6). DepScope rates its health at 53/100 (high risk).

What is the latest version of org.springframework:spring-expression?

The latest version of org.springframework:spring-expression is 7.0.0-M6, released 2025-06-12.

Does org.springframework:spring-expression have known vulnerabilities?

Yes. org.springframework:spring-expression has 4 known vulnerabilities. See depscope.dev/pkg/maven/org.springframework:spring-expression for details.

Is org.springframework:spring-expression deprecated?

No, org.springframework:spring-expression is actively maintained. Latest release: 7.0.0-M6 (2025-06-12).

What are alternatives to org.springframework:spring-expression?

DepScope has no curated alternatives for org.springframework:spring-expression at this time.

What license does org.springframework:spring-expression use?

org.springframework:spring-expression is licensed under Apache-2.0.

org.springframework:spring-expression

mavenv7.0.0-M6

Spring Expression Language (SpEL)

License Apache-2.0permissive262 versions0 deps551,061 weekly dl

spring-projects/spring-framework

/ 100

Health

update required

org.springframework:[email protected] has vulnerabilities — update to latest

Update to >= 5.2.24.RELEASE to fix known vulnerabilities

1 high severity vulnerabilities

Health breakdown0 – 100

10/25

maintenance

14/20

popularity

14/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 high3 medium

Advisories (4)

Severity	ID	Summary	Fixed in
medium	CVE-2022-22950	Allocation of Resources Without Limits or Throttling in Spring Framework	5.2.20.RELEASE
medium	CVE-2023-20861	Spring Framework vulnerable to denial of service via specially crafted SpEL expression	5.2.23.RELEASE
medium	CVE-2024-38808	Spring Framework vulnerable to Denial of Service	5.3.39
high	CVE-2023-20863	Spring Framework vulnerable to denial of service	5.2.24.RELEASE

OSS Scorecard

OpenSSF security posture score

5.7/10

moderate

Maintainer trust

Active maintainers (3m)

16

Contributors (12m)

16

Primary author dominance

60%

GitHub stars

59,858

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-expression

Last updated · 2025-06-12T10:14:16+00:00