Vmware Spring Data Mongodb — known CVE vulnerabilities
Every CVE whose affected-product data names Vmware Spring Data Mongodb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-22980 — CVSS 9.8 (critical): A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL…
CVE-2026-41717 — CVSS 8.1 (high): Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter…
CVE-2026-41696 — CVSS 5.9 (medium): Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the…