Live Latest activity →

Thymeleaf Thymeleaf Vulnerabilities

2 advisories affecting Thymeleaf Thymeleaf

2

Total CVEs

2

Critical

0

High

CVE-2026-40477

Apr 17, 2026

Critical (9.0)

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Al...

Read Advisory

CVE-2026-40478

Apr 17, 2026

Critical (9.0)

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms...

Read Advisory

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.