Report a CVE to HeroDevs

Committed to Security and Confidentiality

At HeroDevs, safeguarding the security of open-source software and its ecosystem is our priority. As a Certified Numbering Authority (CNA), we ensure your vulnerability reports are handled with utmost confidentiality and professionalism.

Search tool icon

Report a Vulnerability

When you report a CVE, you can trust that:
  • Your submission is reviewed promptly and securely by our team of security experts.
  • Details of the vulnerability will not be disclosed until appropriate patches are developed and coordinated with the necessary stakeholders.
  • Your role as the reporter will be respected, with attribution provided as per your preference.
Every vulnerability we address strengthens the open-source ecosystem and ensures the continued security of end-of-life software. At HeroDevs, we actively track, assess, and address vulnerabilities to safeguard the security of open source software and protect the businesses that rely on it.

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.
Early Detection and CVE Remediation

75 Security Issues Fixed
(and always looking for more)

Below is a snapshot of the most recent 10 of 75 vulnerabilities in our database, demonstrating our commitment to transparency and proactive security.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Critical
Next.js
Authorization Bypass
>= 11.1.4
Mar 23, 2025
High
Spring
Spring Security
Authorization Bypass
<=5.6.12, >=5.7.0 <5.7.16, >=5.8.0 <5.8.18, >=6.0.0 <=6.0.16, >=6.1.0 <6.1.14, >=6.2.0 <6.2.10, >=6.3.0 <6.3.8, >=6.4.0 <6.4.4
Mar 20, 2025
Medium
Spring
Spring for Apache Kafka
Remote Code Execution
<2.9.11, >=3.0.0 <3.0.10
Mar 3, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
Rails
Rack
Improper Output Neutralization for Logs
<2.2.11, <3.0.12, <3.1.10
Feb 14, 2025
High
Web Essentials
IP
Server-Side Request Forgery
<=2.0.1
Jan 27, 2025
High
Web Essentials
Http Proxy Middleware
Denial of Service
<2.0.7, >=3.0.0 <3.0.3
Jan 27, 2025
For more details on CVEs found in end-of-life software, visit our vulnerability directory.