Is org.springframework:spring-messaging safe to use?

org.springframework:spring-messaging has 3 known vulnerabilities on the latest version (7.0.0-M6). DepScope rates its health at 38/100 (critical risk).

What is the latest version of org.springframework:spring-messaging?

The latest version of org.springframework:spring-messaging is 7.0.0-M6, released 2025-06-12.

Does org.springframework:spring-messaging have known vulnerabilities?

Yes. org.springframework:spring-messaging has 3 known vulnerabilities. See depscope.dev/pkg/maven/org.springframework:spring-messaging for details.

Is org.springframework:spring-messaging deprecated?

No, org.springframework:spring-messaging is actively maintained. Latest release: 7.0.0-M6 (2025-06-12).

What are alternatives to org.springframework:spring-messaging?

DepScope has no curated alternatives for org.springframework:spring-messaging at this time.

What license does org.springframework:spring-messaging use?

org.springframework:spring-messaging is licensed under Apache-2.0.

org.springframework:spring-messaging

mavenv7.0.0-M6

Spring Messaging

License Apache-2.0permissive230 versions0 deps

spring-projects/spring-framework

/ 100

Health

do not use

org.springframework:spring-messaging has critical vulnerabilities — do not use

Update to >= 5.2.22.RELEASE to fix known vulnerabilities

Low health score (38/100)
2 critical vulnerabilities

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

3/25

security

15/15

maturity

10/15

community

Vulnerabilities

2 critical1 medium

Advisories (3)

Severity	ID	Summary	Fixed in
critical	CVE-2018-1275	Spring Framework has Improperly Implemented Security Check for Standard	5.0.5.RELEASE
critical	CVE-2018-1270	Spring Framework allows applications to expose STOMP over WebSocket endpoints	4.3.16.RELEASE
medium	CVE-2022-22971	Allocation of Resources Without Limits or Throttling in Spring Framework	5.2.22.RELEASE

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

OSS Scorecard

OpenSSF security posture score

5.7/10

moderate

Maintainer trust

Active maintainers (3m)

16

Contributors (12m)

16

Primary author dominance

60%

GitHub stars

59,858

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework:spring-messaging

Last updated · 2025-06-12T10:14:14+00:00