Is org.springframework:spring-framework-bom safe to use?

org.springframework:spring-framework-bom has 1 known vulnerabilities on the latest version (7.0.0-M6). DepScope rates its health at 62/100 (moderate risk).

What is the latest version of org.springframework:spring-framework-bom?

The latest version of org.springframework:spring-framework-bom is 7.0.0-M6, released 2025-06-12.

Does org.springframework:spring-framework-bom have known vulnerabilities?

Yes. org.springframework:spring-framework-bom has 1 known vulnerabilities. See depscope.dev/pkg/maven/org.springframework:spring-framework-bom for details.

Is org.springframework:spring-framework-bom deprecated?

No, org.springframework:spring-framework-bom is actively maintained. Latest release: 7.0.0-M6 (2025-06-12).

What are alternatives to org.springframework:spring-framework-bom?

DepScope has no curated alternatives for org.springframework:spring-framework-bom at this time.

What license does org.springframework:spring-framework-bom use?

License information for org.springframework:spring-framework-bom is not declared in the registry metadata.

org.springframework:spring-framework-bom

mavenv7.0.0-M6

243 versions0 deps551,061 weekly dl

/ 100

Health

use with caution

org.springframework:[email protected] low health (62/100) — consider alternatives

Update to >= 4.3.29 to fix known vulnerabilities

Moderate health score (62/100) — verify manually

Health breakdown0 – 100

10/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

0/15

community

0/15

popularity_floor

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2020-5421	Improper Input Validation in Spring Framework	4.3.29

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score

5.7/10

moderate

Maintainer trust

Active maintainers (3m)

16

Contributors (12m)

16

Primary author dominance

60%

GitHub stars

59,858

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-framework-bom

Last updated · 2025-06-12T10:14:16+00:00

org.springframework:spring-framework-bom

mavenv7.0.0-M6

243 versions0 deps551,061 weekly dl

/ 100

Health

use with caution

org.springframework:[email protected] low health (62/100) — consider alternatives

Update to >= 4.3.29 to fix known vulnerabilities

Moderate health score (62/100) — verify manually

Health breakdown0 – 100

10/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

0/15

community

0/15

popularity_floor

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2020-5421	Improper Input Validation in Spring Framework	4.3.29

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score

5.7/10

moderate

Maintainer trust

Active maintainers (3m)

16

Contributors (12m)

16

Primary author dominance

60%

GitHub stars

59,858

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-framework-bom

Last updated · 2025-06-12T10:14:16+00:00