org.springframework.ai:spring-ai-mariadb-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-mariadb-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321390...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-pgvector-store is a Spring AI PGVector Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying...

PT-2026-35547

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

ai.telosforge:kimaira-starter-etl (>=1.2.4 <=1.2.6), cn.echoparrot:echoparrot-application (=25.4.0) +12 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.1.0-M3 <=1.1.2)

org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.1.0-M3, =1.2.4, =25.4.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =.30.0.rc5, =3.3.0.rc2, =3.3.0.rc2, =3.30.0.rc12 Source cves: CVE-2026-40980 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316421...

org.springframework.ai:spring-ai-starter-vector-store-gemfire (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-gemfire-store (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-gemfire-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321389...

org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.0.0 <=1.0.5), org.springframework.ai:spring-ai-weaviate-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0-M5, =1.0.0-M6 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...

org.springframework.ai:spring-ai-oracle-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-oracle (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-oracle-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-oracle-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321393...

ai.intelliswarm:swarmai-core (>=1.0.0 <=1.0.23), ai.intelliswarm:swarmai-distributed (>=1.0.0 <=1.0.23) +9 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-pgvector-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-pgvector-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.2.3, =0.0.1, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321394...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-gemfire-store is a Spring AI GemFire Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vecto...

Insufficiently Protected Credentials

Overview org.springframework.ai:spring-ai-autoconfigure-model-transformers is a Spring AI ONNX Transformers Auto Configuration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the default cache directory used by TransformersEmbeddingModel. An attacker c...

Allocation of Resources Without Limits or Throttling

Overview org.springframework.ai:spring-ai-pdf-document-reader is a Spring AI PDF document reader Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via ForkPDFLayoutTextStripper. An attacker can cause denial of service by supplying a crafted P...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-mongodb-atlas-store is a Spring AI Vector Store - MongoDB Atlas Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-oracle-store is an AI Vector Search from Oracle Database 23ai+ as a Spring AI Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementation...

PT-2026-35539

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Description When configured to use an SSL bundle, the RabbitMQ auto-configuration fails to perform hostname verification during the connection process to the...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +2 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve Source cves: CVE-2026-40966 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316424...

com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), org.springframework.ai:spring-ai-starter-model-transformers (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-autoconfigure-model-transformers (>=1.1.0-M1 <=1.1.4)

org.springframework.ai:spring-ai-autoconfigure-model-transformers MAVEN version =1.1.0-M1, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316420...

org.springframework.ai:spring-ai-starter-model-transformers (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-autoconfigure-model-transformers (>=1.0.0-M7 <=1.0.5)

org.springframework.ai:spring-ai-autoconfigure-model-transformers MAVEN version =1.0.0-M7, =1.0.0, =1.0.5 Source cves: CVE-2026-40979 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316420...

org.springframework.ai:spring-ai-starter-vector-store-typesense (>=1.0.0 <=1.0.5), org.springframework.ai:spring-ai-typesense-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-typesense-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-typesense-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0-M5, =1.0.0-M6 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321396...

com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-admin (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-core (=1.0.0.4) +4 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-elasticsearch-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-elasticsearch-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.0.5 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321388...