com.chinagoods.framework.thinkcloud:think-cloud-starter-ai-vector-redis (>=4.2.3 <=4.2.6), org.springframework.ai:spring-ai-redis-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +2 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-redis-store (>=1.0.0-M5 <=1.0.5)

org.springframework.ai:spring-ai-redis-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.3.0, =1.3.8 Source cves: CVE-2026-40967 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16321395...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter underlying vector store queries by supplying crafted filter expressions, as keys and values are not...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the RedisFilterExpressionConverter function. An attacker can access sensitive information by injecting specially crafted input into the filter value for a TAG field, which is inserted directly into the...

org.springframework.ai:spring-ai-starter-vector-store-redis (>=1.1.0 <=1.1.3) potentially affected by CVE-2026-22744 via org.springframework.ai:spring-ai-redis-store (>=1.1.0-M1 <=1.1.3)

org.springframework.ai:spring-ai-redis-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.3 Source cves: CVE-2026-22744 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791529...

com.chinagoods.framework.thinkcloud:think-cloud-starter-ai-vector-redis (>=4.2.3 <=4.2.6), org.springframework.ai:spring-ai-redis-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +2 more potentially affected by CVE-2026-22744 via org.springframework.ai:spring-ai-redis-store (>=1.0.0-M5 <=1.0.4)

org.springframework.ai:spring-ai-redis-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.3.0, =1.3.8 Source cves: CVE-2026-22744 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791529...

org.springframework.ai:spring-ai-starter-vector-store-redis (>=1.1.0 <=1.1.3) potentially affected by CVE-2026-22744 via org.springframework.ai:spring-ai-redis-store (>=1.1.0-M1 <=1.1.3)

org.springframework.ai:spring-ai-redis-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.3 Source cves: CVE-2026-22744 Source advisory: OSV:GHSA-44F4-GVWJ-6QG3...

GHSA-44F4-GVWJ-6QG3 Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

com.chinagoods.framework.thinkcloud:think-cloud-starter-ai-vector-redis (>=4.2.3 <=4.2.6), org.springframework.ai:spring-ai-redis-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6) +2 more potentially affected by CVE-2026-22744 via org.springframework.ai:spring-ai-redis-store (>=1.0.0-M5 <=1.0.4)

org.springframework.ai:spring-ai-redis-store MAVEN version =1.0.0-M5, =4.2.3, =1.0.0-M5, =1.0.0, =1.3.0, =1.3.8 Source cves: CVE-2026-22744 Source advisory: OSV:GHSA-44F4-GVWJ-6QG3...

Spring AI Redis Store has TAG Field Query Injection Through Improper Neutralization of Special Characters

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before...

CVE-2026-22744

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0....

CVE-2026-22744

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue inserts the value directly into the @field:VALUE RediSearch TAG block without escaping characters.This issue affects Spring AI: from 1.0.0 before 1.0....

EUVD-2017-0357

Malware in sbrugna...

SUSE CVE-2020-8165

A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE...

redis-store deserializes untrusted data

Redis-store prior to 1.4.0 allows unsafe objects to be loaded from redis...

GHSA-2W67-526P-GM73 redis-store deserializes untrusted data

Redis-store prior to 1.4.0 allows unsafe objects to be loaded from redis...

Unsafe Deserialization

redis-store is vulnerable to unsafe deserialization. The marshalling ability of redis-store allows attackers to load unsafe objects from redis. In order to be vulnerable to this, the options:marshalling needs to be used...

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

UBUNTU-CVE-2017-1000248

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...

Design/Logic Flaw

Redis-store =v1.3.0 allows unsafe objects to be loaded from redis...