Vulnerability Directory
If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.
Switch to Never-Ending Support (NES) from HeroDevs to immediately mitigate these vulnerabilities.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Critical
Apache Spark
Apache Spark
Broken Access
<3.4.0 >=3.3.0 <=3.3.1 >=3.2.0 <=3.2.3 >=3.1.0 <=3.1.3 >=3.0.0 <=3.0.3 >=2.4.8
Apr 9, 2025
High
Apache Spark
Apache Spark
Command Injection
>=3.2.0 <=3.2.1 >=3.1.1 <=3.1.3 <=3.0.3
Apr 9, 2025
Medium
Apache Solr & Lucene
Apache Lucene
Remote Code Execution
>=4.4.0 <9.12.0
Mar 21, 2025
High
Spring
Spring Security
Authorization Bypass
<=5.6.12, >=5.7.0 <5.7.16, >=5.8.0 <5.8.18, >=6.0.0 <=6.0.16, >=6.1.0 <6.1.14, >=6.2.0 <6.2.10, >=6.3.0 <6.3.8, >=6.4.0 <6.4.4
Mar 20, 2025
Medium
Spring
Spring for Apache Kafka
Remote Code Execution
<2.9.11, >=3.0.0 <3.0.10
Mar 3, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.1
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.0.0-beta.2
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.3.0 <=2.3.2, >=3.0.0-rc1 <3.4.0, >=4.0.0-alpha <4.1.2
Feb 28, 2025
Medium
Rails
Rack
Improper Output Neutralization for Logs
<2.2.11, <3.0.12, <3.1.10
Feb 14, 2025
No results found
Please enter a valid Vulnerability ID number or Technology name.