org.springframework:spring-webmvc

maven · v7.0.0-M6

Spring Web MVC

License: Apache-2.0 (permissive) · 311 versions · 0 deps · 551,061 weekly dl
spring-projects/spring-framework
Health: 49 / 100 (do not use)

org.springframework:spring-webmvc has critical vulnerabilities — do not use

Update to >= 5.3.42 to fix known vulnerabilities

  • 6 high severity vulnerabilities
  • 2 critical vulnerabilities

Health breakdown (0 – 100)

  • maintenance: 10/25
  • popularity: 14/20
  • security: 0/25
  • maturity: 15/15
  • community: 10/15

Vulnerabilities: 16

  • 2 critical
  • 6 high
  • 7 medium
  • 1 low

Advisories (16)

Severity | ID | Summary | Fixed in
high | CVE-2016-9878 | Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized | 4.3.5
critical | CVE-2022-22965 | Remote Code Execution in Spring Framework | 2.6.6
medium | CVE-2026-22737 | Spring Framework Improper Path Limitation with Script View Templates | 6.2.17
low | CVE-2026-22735 | Spring MVC and WebFlux has Server Sent Event stream corruption | 6.2.17
critical | CVE-2023-20860 | Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch | 5.3.26
medium | CVE-2020-5397 | CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux | 5.2.3
medium | CVE-2014-0054 | Cross-Site Request Forgery in Spring Framework | 4.0.2
high | CVE-2020-5398 | RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application | 5.0.16.RELEASE
high | CVE-2024-38816 | Path traversal vulnerability in functional web frameworks | 6.1.13
high | CVE-2014-0225 | Improper Restriction of XML External Entity Reference in Spring Framework | 3.2.8
medium | CVE-2014-1904 | Improper Neutralization of Input During Web Page Generation in Spring Framework | 4.0.2.RELEASE
high | CVE-2024-38819 | Spring Framework Path Traversal vulnerability | 6.1.14
medium | CVE-2014-3625 | Improper Limitation of a Pathname to a Restricted Directory in Spring Framework | 4.1.2
medium | CVE-2025-41242 | Spring Framework MVC Applications Path Traversal Vulnerability | 6.2.10
high | CVE-2023-34053 | Spring Framework vulnerable to denial of service | 6.0.14
medium | CVE-2024-38828 | Spring MVC controller vulnerable to a DoS attack | 5.3.42

Threat intelligence

  • 1 actively exploited (CISA KEV)
  • 4 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score: 5.7/10 (moderate)

Maintainer trust

  • Active maintainers (3m): 16
  • Contributors (12m): 16
  • Primary author dominance: 60%
  • GitHub stars: 59,858

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-webmvc

Last updated · 2025-06-12T10:14:08+00:00

© 2026 Cuttalo srl — Italy · VAT IT03242390734