CVE-2018-1274 — CVSS 7.5 (high): Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability…
CVE-2018-1259 — CVSS 7.5 (high): Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions…
CVE-2026-41695 — CVSS 7.5 (high): Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path…
CVE-2026-41716 — CVSS 7.5 (high): Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap…
CVE-2026-41721 — CVSS 5.9 (medium): Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in…
CVE-2026-41711 — CVSS 5.9 (medium): Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when…