4 matches found
org.springframework.ai:spring-ai-starter-model-transformers (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-autoconfigure-model-transformers (>=1.0.0-M7 <=1.0.5)
org.springframework.ai:spring-ai-autoconfigure-model-transformers MAVEN version =1.0.0-M7, =1.0.0, =1.0.5 Source cves: CVE-2026-40979 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16316420...
Insufficiently Protected Credentials
Overview org.springframework.ai:spring-ai-autoconfigure-model-transformers is a Spring AI ONNX Transformers Auto Configuration Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the default cache directory used by TransformersEmbeddingModel. An attacker c...
com.embabel.agent:embabel-agent-bedrock-autoconfigure (=0.2.0), com.embabel.agent:embabel-agent-starter-bedrock (=0.2.0) +2 more potentially affected by CVE-2026-22742 via org.springframework.ai:spring-ai-autoconfigure-model-bedrock-ai (>=1.0.0-M7 <=1.0.4)
org.springframework.ai:spring-ai-autoconfigure-model-bedrock-ai MAVEN version =1.0.0-M7, =1.0.0, =1.0.0, =1.0.4 Source cves: CVE-2026-22742 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791533...
com.embabel.agent:embabel-agent-bedrock-autoconfigure (>=0.3.0 <=0.3.4), com.embabel.agent:embabel-agent-starter-bedrock (>=0.3.0 <=0.3.4) +2 more potentially affected by CVE-2026-22742 via org.springframework.ai:spring-ai-autoconfigure-model-bedrock-ai (>=1.1.0-M1 <=1.1.3)
org.springframework.ai:spring-ai-autoconfigure-model-bedrock-ai MAVEN version =1.1.0-M1, =0.3.0, =0.3.0, =1.1.0, =1.1.0, =1.1.3 Source cves: CVE-2026-22742 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791533...