librsvg2-bin 安全漏洞

librsvg2-bin is a GNOME open-source command-line tool set that provides functions for rendering and converting SVG images. Version 2.40.13 of librsvg2-bin contains a security vulnerability. This vulnerability stems from a buffer overflow, which could allow local attackers to cause denial-of-servi...

PT-2026-35988

librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...

CVE-2026-38948

Cross-Site Scripting XSS vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code...

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.0.0 <=1.0.5)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.0.0, =1.0.0, =1.0.5 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...

com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), io.github.massimilianopili:mcp-vector-tools (=0.3.1) +1 more potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-transformers (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-transformers MAVEN version =1.1.0, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: OSV:GHSA-R5HP-3CGJ-J6XV...

org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...

GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +193 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.0.0 <=1.0.5)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 - com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long =1.0.0.4 -...

ai.koog:koog-spring-ai-starter-vector-store (>=0.8.0 <=0.8.0-rc-1), ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6) +240 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.1.0 <=1.1.4)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.1.0, =0.8.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =25.4.0, =1.21.2, =0.1.0, =0.3.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-40967 Source advisory: OSV:GHSA-QC4J-QJQX-VR58...

Spring AI has a VectorStore FilterExpression Converter injection

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

CVE-2026-40978

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVE-2026-40978

Summary: CVE-2026-40978 is a SQL injection vulnerability in Spring AI’s CosmosDBVectorStore. Affected versions: Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). Issue: Attackers can trigger arbitrary SQL queries via crafted document IDs, enabling high-severity impact as pe...

EUVD-2026-26011

SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...

EUVD-2026-26002

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

CVE-2026-40966 VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...

CVE-2026-40967

Summary : CVE-2026-40967 affects Spring AI 1.0.0–1.0.5 (fix in 1.0.6) and 1.1.0–1.1.4 (fix in 1.1.5). In several FilterExpressionConverter implementations, filter expression keys/values aren’t properly escaped, enabling an attacker to alter vector store queries. This could impact query integrity ...

CVE-2026-40967

In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...