fix(deps): update dependency org.springframework.boot:spring-boot-sta…

0bf16c9
Open

fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.18 (wip) #27

Mend for GitHub.com / WhiteSource Security Check failed May 26, 2026 in 2m 27s

Security Report

You have successfully remediated 67 vulnerabilities, but introduced 55 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (50 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


Vulnerability Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-2022-1471

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

High 8.3 Functional 93.849% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 2.0 None

Reachable

CVE-2024-22262

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

High 8.1 Not Defined 12.634% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 5.3.34 None

Reachable

CVE-2024-22259

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

High 8.1 Not Defined 56.395% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 5.3.33 None

Reachable

CVE-2024-22243

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

High 8.1 Not Defined 59.593% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 5.3.32 None

Reachable

WS-2026-0003

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> jackson-databind-2.13.5.jar

       -> ❌ jackson-core-2.13.5.jar (Vulnerable Library)

High 7.5 Not Defined Transitive jackson-core-2.13.5.jar spring-boot-starter-web-2.7.18.jar Transitive 2.18.6 None

Reachable

WS-2022-0468

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> jackson-databind-2.13.5.jar

       -> ❌ jackson-core-2.13.5.jar (Vulnerable Library)

High 7.5 Not Defined Transitive jackson-core-2.13.5.jar spring-boot-starter-web-2.7.18.jar Transitive 2.15.0-rc1 None

Reachable

CVE-2025-52999

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.13.5/jackson-core-2.13.5.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> jackson-databind-2.13.5.jar

       -> ❌ jackson-core-2.13.5.jar (Vulnerable Library)

High 7.5 Not Defined 0.252% Transitive jackson-core-2.13.5.jar spring-boot-starter-web-2.7.18.jar Transitive 2.15.0 None

Reachable

CVE-2025-41249

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> ❌ spring-core-5.3.31.jar (Vulnerable Library)

High 7.5 Not Defined 0.083% Transitive spring-core-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-framework.git - v6.2.11,org.springframework:spring-core:6.2.11 None

Reachable

CVE-2022-25857

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

High 7.5 Not Defined 2.92% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.31 None

Reachable

CVE-2025-22235

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ spring-boot-2.7.18.jar (Vulnerable Library)

High 7.3 Functional 0.39% Transitive spring-boot-2.7.18.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-boot.git - v3.4.5,https://github.com/spring-projects/spring-boot.git - v3.3.11,org.springframework.boot:spring-boot-actuator-autoconfigure:3.4.5,org.springframework.boot:spring-boot-actuator-autoconfigure:3.3.11 None

Reachable

CVE-2024-12798

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> ❌ logback-classic-1.2.12.jar (Vulnerable Library)

High 7.3 Not Defined 0.169% Transitive logback-classic-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.3.15 None

Reachable

CVE-2024-12798

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> logback-classic-1.2.12.jar

         -> ❌ logback-core-1.2.12.jar (Vulnerable Library)

High 7.3 Not Defined 0.169% Transitive logback-core-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.3.15 None

Reachable

CVE-2023-6481

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> logback-classic-1.2.12.jar

         -> ❌ logback-core-1.2.12.jar (Vulnerable Library)

High 7.1 Not Defined 0.224% Transitive logback-core-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.2.13 None

Reachable

CVE-2023-6378

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> logback-classic-1.2.12.jar

         -> ❌ logback-core-1.2.12.jar (Vulnerable Library)

High 7.1 Not Defined 0.613% Transitive logback-core-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.2.13 None

Reachable

CVE-2023-6378

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-classic/1.2.12/logback-classic-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> ❌ logback-classic-1.2.12.jar (Vulnerable Library)

High 7.1 Not Defined 0.613% Transitive logback-classic-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.2.13 None

Reachable

CVE-2026-40973

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ spring-boot-2.7.18.jar (Vulnerable Library)

High 7.0 Not Defined 0.007% Transitive spring-boot-2.7.18.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework.boot:spring-boot:4.0.6,https://github.com/spring-projects/spring-boot.git - v4.0.6,https://github.com/spring-projects/spring-boot.git - v3.3.14,https://github.com/spring-projects/spring-boot.git - v3.5.14,org.springframework.boot:spring-boot:3.5.14,https://github.com/spring-projects/spring-boot.git - v3.4.14 None

Reachable

CVE-2026-22740

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.049% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework:spring-web:6.2.18,https://github.com/spring-projects/spring-framework.git - v7.0.7,org.springframework:spring-web:7.0.7,https://github.com/spring-projects/spring-framework.git - v6.2.18 None

Reachable

CVE-2022-38752

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.205% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.32 None

Reachable

CVE-2022-38751

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.3% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.31 None

Reachable

CVE-2022-38750

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.693% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.31 None

Reachable

CVE-2022-38749

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 6.5 Not Defined 0.533% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.31 None

Reachable

CVE-2026-22737

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Medium 5.9 Not Defined 0.092% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework:spring-webflux:6.2.17,org.springframework:spring-webflux:7.0.6,https://github.com/spring-projects/spring-framework.git - v7.0.6 None

Reachable

CVE-2025-41242

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Medium 5.9 Not Defined 5.222% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-framework.git - v6.2.10,org.springframework:spring-beans:6.2.10 None

Reachable

CVE-2025-41242

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-beans/5.3.31/spring-beans-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> spring-context-5.3.31.jar

         -> spring-aop-5.3.31.jar

           -> ❌ spring-beans-5.3.31.jar (Vulnerable Library)

Medium 5.9 Not Defined 5.222% Transitive spring-beans-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-framework.git - v6.2.10,org.springframework:spring-beans:6.2.10 None

Reachable

CVE-2022-41854

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/yaml/snakeyaml/1.30/snakeyaml-1.30.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ snakeyaml-1.30.jar (Vulnerable Library)

Medium 5.8 Not Defined 0.123% Transitive snakeyaml-1.30.jar spring-boot-starter-web-2.7.18.jar Transitive 1.32 None

Reachable

CVE-2024-38828

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> ❌ spring-core-5.3.31.jar (Vulnerable Library)

Medium 5.3 Not Defined 0.076% Transitive spring-core-5.3.31.jar spring-boot-starter-web-2.7.18.jar None

Reachable

CVE-2024-38828

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Medium 5.3 Not Defined 0.076% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar None

Reachable

CVE-2024-38828

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Medium 5.3 Not Defined 0.076% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar None

Reachable

CVE-2024-38809

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Medium 5.3 Not Defined 0.14% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 5.3.38 None

Reachable

CVE-2026-40974

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.7.18/spring-boot-autoconfigure-2.7.18.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ spring-boot-autoconfigure-2.7.18.jar (Vulnerable Library)

Medium 5.0 Not Defined 0.062% Transitive spring-boot-autoconfigure-2.7.18.jar spring-boot-starter-web-2.7.18.jar Transitive 2.7.33 None

Reachable

CVE-2026-1225

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> logback-classic-1.2.12.jar

         -> ❌ logback-core-1.2.12.jar (Vulnerable Library)

Medium 5.0 Not Defined 0.014% Transitive logback-core-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/qos-ch/logback.git - v_1.5.25 None

Reachable

CVE-2026-40975

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ spring-boot-2.7.18.jar (Vulnerable Library)

Medium 4.8 Not Defined 0.048% Transitive spring-boot-2.7.18.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework.boot:spring-boot:4.0.6,https://github.com/spring-projects/spring-boot.git - v3.4.14,https://github.com/spring-projects/spring-boot.git - v3.3.14,https://github.com/spring-projects/spring-boot.git - v4.0.6,https://github.com/spring-projects/spring-boot.git - v3.5.14,org.springframework.boot:spring-boot:3.5.14 None

Reachable

CVE-2026-40977

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/boot/spring-boot/2.7.18/spring-boot-2.7.18.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> ❌ spring-boot-2.7.18.jar (Vulnerable Library)

Medium 4.7 Not Defined 0.017% Transitive spring-boot-2.7.18.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-boot.git - v4.0.6,https://github.com/spring-projects/spring-boot.git - v3.5.14,org.springframework.boot:spring-boot:4.0.6,https://github.com/spring-projects/spring-boot.git - v3.3.14,https://github.com/spring-projects/spring-boot.git - v3.4.14,org.springframework.boot:spring-boot:3.5.14 None

Reachable

CVE-2024-12801

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/ch/qos/logback/logback-core/1.2.12/logback-core-1.2.12.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-starter-logging-2.7.18.jar

       -> logback-classic-1.2.12.jar

         -> ❌ logback-core-1.2.12.jar (Vulnerable Library)

Medium 4.6 Not Defined 0.064% Transitive logback-core-1.2.12.jar spring-boot-starter-web-2.7.18.jar Transitive 1.3.15 None

Reachable

CVE-2024-38808

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-expression/5.3.31/spring-expression-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> spring-context-5.3.31.jar

         -> ❌ spring-expression-5.3.31.jar (Vulnerable Library)

Medium 4.3 Not Defined 0.809% Transitive spring-expression-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 5.3.39 None

Reachable

CVE-2025-22233

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.31/spring-context-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> ❌ spring-context-5.3.31.jar (Vulnerable Library)

Low 3.1 Not Defined 0.083% Transitive spring-context-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive https://github.com/spring-projects/spring-framework.git - v6.1.20 ,org.springframework:spring-context:6.1.20,org.springframework:spring-context:6.2.7,https://github.com/spring-projects/spring-framework.git - v6.2.7 None

Reachable

CVE-2024-38820

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-core/5.3.31/spring-core-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> ❌ spring-core-5.3.31.jar (Vulnerable Library)

Low 3.1 Not Defined 1.514% Transitive spring-core-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.1.14 None

Reachable

CVE-2024-38820

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Low 3.1 Not Defined 1.514% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.1.14 None

Reachable

CVE-2024-38820

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Low 3.1 Not Defined 1.514% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.1.14 None

Reachable

CVE-2024-38820

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-context/5.3.31/spring-context-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-2.7.18.jar

     -> spring-boot-2.7.18.jar

       -> ❌ spring-context-5.3.31.jar (Vulnerable Library)

Low 3.1 Not Defined 1.514% Transitive spring-context-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.1.14 None

Reachable

CVE-2026-22735

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Low 2.6 Not Defined 0.092% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework:spring-webmvc:7.0.6,https://github.com/spring-projects/spring-framework.git - v7.0.6,https://github.com/spring-projects/spring-framework.git - v6.1.21,org.springframework:spring-web:7.0.6,org.springframework:spring-web:6.2.17,org.springframework:spring-webmvc:6.2.17,https://github.com/spring-projects/spring-framework.git - v6.2.17 None

Reachable

CVE-2026-22735

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

Low 2.6 Not Defined 0.092% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive org.springframework:spring-webmvc:7.0.6,https://github.com/spring-projects/spring-framework.git - v7.0.6,https://github.com/spring-projects/spring-framework.git - v6.1.21,org.springframework:spring-web:7.0.6,org.springframework:spring-web:6.2.17,org.springframework:spring-webmvc:6.2.17,https://github.com/spring-projects/spring-framework.git - v6.2.17 None

Reachable

CVE-2016-1000027

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-web/5.3.31/spring-web-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> spring-boot-starter-json-2.7.18.jar

     -> ❌ spring-web-5.3.31.jar (Vulnerable Library)

Critical 9.8 Not Defined 60.417% Transitive spring-web-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.0.0 None

Unreachable

CVE-2026-41901

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.15.RELEASE/thymeleaf-spring5-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> ❌ thymeleaf-spring5-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.104% Transitive thymeleaf-spring5-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive org.thymeleaf:thymeleaf-spring6:3.1.5.RELEASE,org.thymeleaf:thymeleaf-spring5:3.1.5.RELEASE,org.thymeleaf:thymeleaf:3.1.5.RELEASE None

Unreachable

CVE-2026-41901

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> thymeleaf-spring5-3.0.15.RELEASE.jar

     -> ❌ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.104% Transitive thymeleaf-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive org.thymeleaf:thymeleaf-spring6:3.1.5.RELEASE,org.thymeleaf:thymeleaf-spring5:3.1.5.RELEASE,org.thymeleaf:thymeleaf:3.1.5.RELEASE None

Unreachable

CVE-2026-40478

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> thymeleaf-spring5-3.0.15.RELEASE.jar

     -> ❌ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.055% Transitive thymeleaf-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive 3.1.4.RELEASE None

Unreachable

CVE-2026-40478

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.15.RELEASE/thymeleaf-spring5-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> ❌ thymeleaf-spring5-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.055% Transitive thymeleaf-spring5-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive 3.1.4.RELEASE None

Unreachable

CVE-2026-40477

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf/3.0.15.RELEASE/thymeleaf-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> thymeleaf-spring5-3.0.15.RELEASE.jar

     -> ❌ thymeleaf-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.055% Transitive thymeleaf-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive 3.1.4.RELEASE None

Unreachable

CVE-2026-40477

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/thymeleaf/thymeleaf-spring5/3.0.15.RELEASE/thymeleaf-spring5-3.0.15.RELEASE.jar

Dependency Hierarchy:

-> spring-boot-starter-thymeleaf-2.7.18.jar (Root Library)

   -> ❌ thymeleaf-spring5-3.0.15.RELEASE.jar (Vulnerable Library)

Critical 9.0 Not Defined 0.055% Transitive thymeleaf-spring5-3.0.15.RELEASE.jar spring-boot-starter-thymeleaf-2.7.18.jar Transitive 3.1.4.RELEASE None

Unreachable

CVE-2024-38819

Path to dependency file: /test-app/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/org/springframework/spring-webmvc/5.3.31/spring-webmvc-5.3.31.jar

Dependency Hierarchy:

-> spring-boot-starter-web-2.7.18.jar (Root Library)

   -> ❌ spring-webmvc-5.3.31.jar (Vulnerable Library)

High 7.5 Not Defined 93.306% Transitive spring-webmvc-5.3.31.jar spring-boot-starter-web-2.7.18.jar Transitive 6.1.14 None

Unreachable

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2023-20861 spring-expression-5.2.10.RELEASE.jar
CVE-2022-22950 spring-expression-5.2.10.RELEASE.jar
CVE-2025-11226 logback-core-1.2.3.jar
CVE-2020-36518 jackson-databind-2.11.3.jar
CVE-2022-38750 snakeyaml-1.26.jar
CVE-2022-41854 snakeyaml-1.26.jar
CVE-2026-40477 thymeleaf-spring5-3.0.11.RELEASE.jar
CVE-2022-38752 snakeyaml-1.26.jar
CVE-2025-22235 spring-boot-2.3.5.RELEASE.jar
CVE-2026-22745 spring-webmvc-5.2.10.RELEASE.jar
CVE-2024-22259 spring-web-5.2.10.RELEASE.jar
CVE-2026-22741 spring-webmvc-5.2.10.RELEASE.jar
CVE-2022-22970 spring-beans-5.2.10.RELEASE.jar
CVE-2023-6378 logback-classic-1.2.3.jar
CVE-2021-22096 spring-webmvc-5.2.10.RELEASE.jar
CVE-2022-22965 spring-webmvc-5.2.10.RELEASE.jar
CVE-2021-42550 logback-classic-1.2.3.jar
CVE-2021-46877 jackson-databind-2.11.3.jar
CVE-2024-38820 spring-context-5.2.10.RELEASE.jar
CVE-2025-52999 jackson-core-2.11.3.jar
CVE-2026-22735 spring-webmvc-5.2.10.RELEASE.jar
CVE-2026-40477 thymeleaf-3.0.11.RELEASE.jar
CVE-2026-1225 logback-core-1.2.3.jar
WS-2022-0468 jackson-core-2.11.3.jar
CVE-2021-42550 logback-core-1.2.3.jar
CVE-2023-6378 logback-core-1.2.3.jar
CVE-2025-49128 jackson-core-2.11.3.jar
CVE-2024-12798 logback-classic-1.2.3.jar
CVE-2023-6481 logback-core-1.2.3.jar
CVE-2026-40478 thymeleaf-spring5-3.0.11.RELEASE.jar
CVE-2016-1000027 spring-web-5.2.10.RELEASE.jar
CVE-2024-38808 spring-expression-5.2.10.RELEASE.jar
CVE-2024-38809 spring-web-5.2.10.RELEASE.jar
CVE-2023-20863 spring-expression-5.2.10.RELEASE.jar
CVE-2024-38820 spring-web-5.2.10.RELEASE.jar
CVE-2021-22060 spring-web-5.2.10.RELEASE.jar
CVE-2024-38828 spring-webmvc-5.2.10.RELEASE.jar
CVE-2022-22965 spring-beans-5.2.10.RELEASE.jar
CVE-2025-41249 spring-core-5.2.10.RELEASE.jar
WS-2021-0616 jackson-core-2.11.3.jar
CVE-2026-22735 spring-web-5.2.10.RELEASE.jar
CVE-2022-38751 snakeyaml-1.26.jar
CVE-2025-41242 spring-beans-5.2.10.RELEASE.jar
CVE-2024-22262 spring-web-5.2.10.RELEASE.jar
WS-2026-0003 jackson-core-2.11.3.jar
CVE-2022-22968 spring-context-5.2.10.RELEASE.jar
CVE-2024-38819 spring-webmvc-5.2.10.RELEASE.jar
CVE-2022-38749 snakeyaml-1.26.jar
CVE-2024-38816 spring-webmvc-5.2.10.RELEASE.jar
CVE-2024-22243 spring-web-5.2.10.RELEASE.jar
CVE-2022-42004 jackson-databind-2.11.3.jar
CVE-2024-12798 logback-core-1.2.3.jar
CVE-2022-25857 snakeyaml-1.26.jar
CVE-2021-43466 thymeleaf-spring5-3.0.11.RELEASE.jar
CVE-2021-22096 spring-web-5.2.10.RELEASE.jar
CVE-2026-41901 thymeleaf-3.0.11.RELEASE.jar
CVE-2023-38286 thymeleaf-3.0.11.RELEASE.jar
CVE-2022-22970 spring-core-5.2.10.RELEASE.jar
CVE-2026-40478 thymeleaf-3.0.11.RELEASE.jar
CVE-2022-42003 jackson-databind-2.11.3.jar
CVE-2026-41901 thymeleaf-spring5-3.0.11.RELEASE.jar
WS-2021-0616 jackson-databind-2.11.3.jar
CVE-2022-1471 snakeyaml-1.26.jar
CVE-2024-12801 logback-core-1.2.3.jar
CVE-2023-20883 spring-boot-autoconfigure-2.3.5.RELEASE.jar
CVE-2025-22233 spring-context-5.2.10.RELEASE.jar
CVE-2022-22965 spring-boot-starter-web-2.3.5.RELEASE.jar

Base branch total remaining vulnerabilities: 67
Base branch commit: 302c67d57ff33993b59b4e4a0302421181d2e09c


Total libraries scanned: 34

Scan token: 4cd74e8b7b3b420f937f79c890dbaee6