Is org.springframework:spring-websocket safe to use?

org.springframework:spring-websocket has 1 known vulnerabilities on the latest version (7.0.0-M6). DepScope rates its health at 48/100 (high risk).

What is the latest version of org.springframework:spring-websocket?

The latest version of org.springframework:spring-websocket is 7.0.0-M6, released 2025-06-12.

Does org.springframework:spring-websocket have known vulnerabilities?

Yes. org.springframework:spring-websocket has 1 known vulnerabilities. See depscope.dev/pkg/maven/org.springframework:spring-websocket for details.

Is org.springframework:spring-websocket deprecated?

No, org.springframework:spring-websocket is actively maintained. Latest release: 7.0.0-M6 (2025-06-12).

What are alternatives to org.springframework:spring-websocket?

DepScope has no curated alternatives for org.springframework:spring-websocket at this time.

What license does org.springframework:spring-websocket use?

org.springframework:spring-websocket is licensed under Apache-2.0.

org.springframework:spring-websocket

mavenv7.0.0-M6

Spring WebSocket

License Apache-2.0permissive230 versions0 deps

spring-projects/spring-framework

/ 100

Health

safe to use

org.springframework:[email protected] is safe to use (health: 48/100)

Update to >= 6.2.12 to fix known vulnerabilities

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

23/25

security

15/15

maturity

0/15

community

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2025-41254	Spring Framework STOMP over WebSocket applications may allow attackers to send unauthorized messages	6.2.12

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-websocket

Last updated · 2025-06-12T10:14:07+00:00