org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...

org.springframework.ai:spring-ai-mariadb-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-mariadb-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321390...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0-M3 <=1.1.4)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0-M3, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316424...

ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.28), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.28) +12 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

org.springframework.ai:spring-ai-starter-vector-store-couchbase (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-couchbase-store (>=1.0.0-M7 <=1.0.5)

org.springframework.ai:spring-ai-couchbase-store MAVEN version =1.0.0-M7, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316423...

io.github.vishalmysore:easyQServer (>=0.2.8.11.1 <=0.2.8.12.3), org.springframework.ai:spring-ai-mongodb-atlas-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +1 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-mongodb-atlas-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-mongodb-atlas-store MAVEN version =1.0.0-M5, =0.2.8.11.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321392...

com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), org.springframework.ai:spring-ai-starter-model-transformers (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-autoconfigure-model-transformers (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-autoconfigure-model-transformers MAVEN version =1.1.0-M1, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316420...

Insufficiently Protected Credentials

Overview org.springframework.ai:spring-ai-autoconfigure-model-transformers is a Spring AI ONNX Transformers Auto Configuration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the default cache directory used by TransformersEmbeddingModel. An attacker c...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-gemfire-store is a Spring AI GemFire Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

org.springframework.ai:spring-ai-gemfire-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-gemfire (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-gemfire-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-gemfire-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321389...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-rag-elasticsearch (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-rag (>=1.1.0.0 <=1.1.2.3) +2 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-elasticsearch-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-elasticsearch-store MAVEN version =1.1.0-M1, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321388...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-milvus-store is a Spring AI Vector Store - Milvus Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

SQL Injection

Overview org.springframework.ai:spring-ai-azure-cosmos-db-store is a Spring AI Vector Store for Azure Cosmos DB Affected versions of this package are vulnerable to SQL Injection via document ID handling in CosmosDBVectorStore. An attacker can execute arbitrary SQL queries by supplying crafted...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-couchbase-store is a Spring AI Couchbase Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-pgvector-store is a Spring AI PGVector Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-elasticsearch-store is a Spring AI Elasticsearch Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316419...