IndexedVerified

Java/Spring Security

Spring and JVM web SAST rules aggregated across verified providers.

Fetch pack

greprules pack fetch java-spring-security --engine opengrep

curl https://api.greprules.io/api/packs/java-spring-security.tar.gz -o java-spring-security.tar.gz

Total rules: 7
Downloads: 0
Last updated: 2026-06-05
Languages: java

Included rules

CVE-2025-28401: Shiro Missing Csrf Protectioncve-2025-28401-shiro-missing-csrf-protectionCVE-2024-57155: Spring Handler Interceptor Auth Bypass Returns True On Null Usercve-2024-57155-spring-handler-interceptor-auth-bypass-returns-true-on-null-userCVE-2025-58748: Dataease Jdbc Url Scheme Not Validatedcve-2025-58748-dataease-jdbc-url-scheme-not-validatedCVE-2026-32613: Java Spel Standard Evaluation Context Rcecve-2026-32613-java-spel-standard-evaluation-context-rceCVE-2026-40477: Thymeleaf Ssti Incomplete Expression Recognizercve-2026-40477-thymeleaf-ssti-incomplete-expression-recognizerCVE-2026-41901: Thymeleaf Cve 2026 41901 Typename Firstchar Shortcutcve-2026-41901-thymeleaf-cve-2026-41901-typename-firstchar-shortcutCVE-2026-8738: Publiccms Trade Payment Idor Missing Session Usercve-2026-8738-publiccms-trade-payment-idor-missing-session-user