CLEANSTART-2026-BK91157 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0
Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-FL19517 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0
Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-ON41795 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0
Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-QO72222 Security fixes for ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0
Security vulnerability affects the weaviate-fips package. This issue is resolved in later releases. See references for vulnerability details...
CLEANSTART-2026-HJ72983 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.35.17-r1, 1.35.2-r0, 1.35.2-r1, 1.35.2-r2
Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GU95761 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-j5w8-q4qc-rx2x, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.2-r0, 1.36.11-r0, 1.36.11-r1
Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-CK61704 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.35.17-r1
Multiple security vulnerabilities affect the weaviate-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RD75979 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.35.17-r0, 1.37.0-r0
Multiple security vulnerabilities affect the weaviate-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Improper Neutralization of Special Elements in Data Query Logic
Overview: org.springframework.ai:spring-ai-weaviate-store is a package for building AI applications with Spring Boot. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...
org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.0.0 <=1.0.5), org.springframework.ai:spring-ai-weaviate-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.0.0-M5 <=1.0.5)
org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.0.0-M5, =1.0.0, =1.0.0-M5, =1.0.0-M6 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...
org.springframework.ai:spring-ai-starter-vector-store-weaviate (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-weaviate-store (>=1.1.0-M1 <=1.1.4)
org.springframework.ai:spring-ai-weaviate-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.4 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321397...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: amazon-ssm-agent-fips, commercial-grafana, pulumi, tkn-fips, falcoctl, rclone, localstack, libnvidia-container, crane-fips, argo-cd-fips, dive, image-factory-fips, rancher-helm, tekton-chains-fips, nemo, caddy, calico, neuvector-scanner, fscrypt, gh, kubevela-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: amazon-ssm-agent-fips, commercial-grafana, pulumi, tkn-fips, falcoctl, rclone, localstack, libnvidia-container, crane-fips, argo-cd-fips, dive, image-factory-fips, rancher-helm, tekton-chains-fips, nemo, caddy, calico, neuvector-scanner, fscrypt, gh, kubevela-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: amazon-ssm-agent-fips, nodetaint, rke2-cloud-provider-fips, commercial-grafana, pulumi, tkn-fips, kubernetes-ingress-defaultbackend-fips, falcoctl, mongodb-kubernetes-operator-fips, cert-manager-openshift-routes, victoriametrics, rclone, git-lfs-fips,...
CVE-2026-34986 vulnerabilities
Vulnerabilities for packages: skopeo-fips, amazon-ssm-agent-fips, pulumi, tkn-fips, falcoctl, azcopy, k9s, sops-fips, flyte, gotrue-fips, opencost-fips, kiali-fips, containerd, argo-cd-fips, image-factory-fips, crossplane-provider-gcp-fips, reports-server, kyverno-policy-reporter,...
CLEANSTART-2026-RR25843 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 1.35.2-r0, 1.35.2-r1, 1.35.2-r2
Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UO45926 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, ghsa-j5w8-q4qc-rx2x applied in versions: 1.35.2-r0
Multiple security vulnerabilities affect the weaviate package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: goreleaser, grafana-alloy, terraform-mcp-server, lazygit, rclone, mcp-grafana, minio, grafana, kubevela, dgraph, dagger, maru, prometheus, weaviate, cri-tools, witness, k8sgpt, ollama, nfpm, opentelemetry-collector-contrib, gitlab-runner, loki, opentelemetry-collecto...
Path Traversal
github.com/weaviate/weaviate is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of the fileName field in the transfer logic, which allows an attacker who can invoke the GetFile method while a shard is in the “Pause file activity” state and the...
EUVD-2026-3717
Malicious code in weaviate-js npm...