Does org.springframework.boot:spring-boot-starter-actuator have known vulnerabilities?

Yes. org.springframework.boot:spring-boot-starter-actuator has 2 known vulnerabilities. See depscope.dev/pkg/maven/org.springframework.boot:spring-boot-starter-actuator for details.

What are alternatives to org.springframework.boot:spring-boot-starter-actuator?

DepScope has no curated alternatives for org.springframework.boot:spring-boot-starter-actuator at this time.

What license does org.springframework.boot:spring-boot-starter-actuator use?

org.springframework.boot:spring-boot-starter-actuator is licensed under Apache-2.0.

org.springframework.boot:spring-boot-starter-actuator

mavenv3.5.3

Starter for using Spring Boot's Actuator which provides production ready features to help you monitor and manage your application

License Apache-2.0permissive252 versions0 deps

spring-projects/spring-boot

/ 100

Health

update required

org.springframework.boot:[email protected] has vulnerabilities — update to latest

Update to >= 3.5.12 to fix known vulnerabilities

2 high severity vulnerabilities

Health breakdown0 – 100

10/25

maintenance

0/20

popularity

15/25

security

15/15

maturity

0/15

community

Vulnerabilities

2 high

Advisories (2)

Severity	ID	Summary	Fixed in
high	CVE-2026-22731	Spring Boot has an Authentication Bypass under Actuator Health groups paths	4.0.4
high	CVE-2026-22733	Spring Boot has an Authentication Bypass under Actuator CloudFoundry endpoints	3.5.12

Maintainer trust

Active maintainers (3m)

7

Contributors (12m)

7

Primary author dominance

77%

GitHub stars

80,463

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/maven/org.springframework.boot:spring-boot-starter-actuator

Last updated · 2025-06-20T05:27:40+00:00