org.springframework.boot:spring-boot-starter-actuator

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.springframework.boot:spring-boot-starter-actuatorpage 1 of 1

CVE-2026-22731HIGHCVSS 8.2EG 8.2✓ Fixed in 4.0.4
2026-03-19
vulnerable: 4.0.0 ... 4.0.3 (9 versions)
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additio…
CVE-2026-22733HIGHCVSS 8.2EG 8.2
2026-03-20
vulnerable: 1.0.0.RELEASE ... 2.7.9 (186 versions)
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This is…

Check whether org.springframework.boot:spring-boot-starter-actuator is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.springframework.boot:spring-boot-starter-actuator CVEs against the assets you own.

Start Free Scan →