ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +27262 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=6.0.0 <=6.2.17)

org.springframework:spring-core MAVEN version =6.0.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +6925 more potentially affected by CVE-2026-22745 via org.springframework:spring-core (>=7.0.0-M1 <=7.0.6)

org.springframework:spring-core MAVEN version =7.0.0-M1, =0.1.0, =0.1.0, =4.5.0, =4.5.0, =4.5.0, =4.3.0, =4.3.0, =4.3.0, =4.7.0, =4.7.4, =4.7.4, =4.3.0, =4.7.0, =4.5.0, =4.5.0, =4.7.4 and more Source cves: CVE-2026-22745 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109618...

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

am.ik.access-logger:access-logger (>=0.1.6 <=0.2.0), cn.herodotus.engine:access-core (>=3.1.7.0 <=3.1.7.5) +663 more potentially affected by CVE-2024-22233 via org.springframework:spring-core (=6.0.15)

org.springframework:spring-core MAVEN version =6.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.access-logger:access-logger =0.1.6, =3.1.7.0, =3.1.7.0, =3.1.7.0, =3.1.7.3, =3.1.7.0,...

at.molindo:molindo-notify (>=1.0.0-alpha-1 <=1.0.0-alpha-2), be.eliwan:ew-profiling-api (>=1.0 <=1.4) +1704 more potentially affected by CVE-2011-2730 via org.springframework:spring-core (>=3.0.0.RELEASE <=3.0.5.RELEASE)

org.springframework:spring-core MAVEN version =3.0.0.RELEASE, =1.0.0-alpha-1, =1.0, =1.0, =0.7, =2.0, =1.1.1, =1.0.2, =1.1.2, =1.2, =1.0.0, =1.0.0, =1.1.0, =3.3.0, =3.4.1 and more Source cves: CVE-2011-2730 Source advisory: OSV:GHSA-WV88-PF73-X22P...

at.molindo:molindo-notify (>=1.0.0-alpha-1 <=1.0.0-alpha-2), be.eliwan:ew-profiling-api (>=1.0 <=1.4) +1704 more potentially affected by CVE-2011-2894 via org.springframework:spring-core (>=3.0.0.RELEASE <=3.0.5.RELEASE)

org.springframework:spring-core MAVEN version =3.0.0.RELEASE, =1.0.0-alpha-1, =1.0, =1.0, =0.7, =2.0, =1.1.1, =1.0.2, =1.1.2, =1.2, =1.0.0, =1.0.0, =1.1.0, =3.3.0, =3.4.1 and more Source cves: CVE-2011-2894 Source advisory: OSV:GHSA-F866-M9MV-2XR3...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +4314 more potentially affected by CVE-2009-1190 via org.springframework:spring-core (>=1.2 <=2.5.6.SEC03)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =1.0, =0.3, =1.0, =0.0.1, =1.2.1, =1.2.1, =1.0, =1.0.4 - cf.pgmann.plugins:url-auth-sso =1.0 and more Source cves: CVE-2009-1190 Source advisory: OSV:GHSA-WJJR-H4WH-W6VV...

ai.foremast.metrics:foremast-spring-4x-k8s-metrics (>=0.1.6 <=0.2.0), ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.10 <=0.1.12) +9746 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (>=4.2.0.RELEASE <=4.3.1.RELEASE)

org.springframework:spring-core MAVEN version =4.2.0.RELEASE, =0.1.6, =0.1.10, =0.1.6, =0.1.4-SB1X, =0.0.6, =0.0.11, =0.0.16, =0.0.1, =4.2.1, =4.4.1, =9.1.1, =0.0.1, =1.0.0.RELEASE, =1.1.0.RELEASE and more Source cves: CVE-2018-15756 Source advisory: OSV:GHSA-FFVQ-7W96-97P7...

am.ik.github:reactive-github-client (>=0.0.1 <=0.0.4), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.2.0) +218 more potentially affected by CVE-2018-15756 via org.springframework:spring-core (=5.0.0.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - am.ik.github:reactive-github-client =0.0.1, =3.1.0, =3.1.0, =3.1.0, =3.1.0, =3.1.0,...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +17184 more potentially affected by CVE-2016-5007 via org.springframework:spring-core (>=1.2 <=4.3.0.RELEASE)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.4-SB1X, =0.1.0, =0.1.0, =1.0, =5.0.9, =0.0.20, =0.0.34 - ar.com.onready:spring-resttemplate-logger =1.0.2 - at.chrl:chrl-jms =1.1.0 and more Source cves: CVE-2016-5007 Source advisory: OSV:GHSA-8CRV-49FR-2H6J...

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +3026 more potentially affected by CVE-2018-1272 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =2.0.7.RELEASE and...

ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +3026 more potentially affected by CVE-2018-1271 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.4.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE, =2.0.7.RELEASE and...

ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +1037 more potentially affected by CVE-2018-1258 via org.springframework:spring-core (=5.0.5.RELEASE)

org.springframework:spring-core MAVEN version =5.0.5.RELEASE is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework:spring-core and may be impacted: - ai.dev-tools:ai-devtools =0.1.12, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3.RELEASE,...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +21320 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=1.2 <=4.3.16.RELEASE)

org.springframework:spring-core MAVEN version =1.2, =1.1, =1.3, =0.0.1, =0.1.6, =0.1.6, =0.1.4-SB1X, =0.1.0, =4.2.1, =4.4.1, =0.1.0, =1.0, =5.0.9, =5.1.0 and more Source cves: CVE-2018-1257 Source advisory: OSV:GHSA-RCPF-VJ53-7H2M...

ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +4449 more potentially affected by CVE-2018-11040 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.6.RELEASE)

org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =0.1.12, =1.0.0, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.9.RELEASE and more Source cves: CVE-2018-11040...

ai.foremast.metrics:foremast-spring-4x-k8s-metrics (>=0.1.6 <=0.2.0), am.ik.blog:blog-domain (>=4.2.1 <=4.3.6) +5997 more potentially affected by CVE-2018-11040 via org.springframework:spring-core (>=4.3.0.RELEASE <=4.3.17.RELEASE)

org.springframework:spring-core MAVEN version =4.3.0.RELEASE, =0.1.6, =4.2.1, =4.4.1, =1.0.0.RELEASE, =1.0.0, =1.0.2, =1.6, =1.6, =1.6, =1.0.10, =0.6.0, =0.6.0, =0.2.13, =0.2.28 and more Source cves: CVE-2018-11040 Source advisory: OSV:GHSA-F26X-PR96-VW86...