Spring ai

This hub aggregates every CVE we track for Spring ai, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Spring ai.

• CVE-2026-47835Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores8.6Jun 15, 2026
• CVE-2026-41863LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API6.5May 25, 2026
• CVE-2026-41713Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor8.2May 12, 2026
• CVE-2026-41712ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage7.5May 12, 2026
• CVE-2026-41705Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upg...8.6May 9, 2026
• CVE-2026-40980In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - ...6.5Apr 28, 2026
• CVE-2026-40979In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)6.1Apr 28, 2026
• CVE-2026-40978SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1...8.8Apr 28, 2026
• CVE-2026-40966VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration5.9Apr 28, 2026
• CVE-2026-40967In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are ...8.6Apr 28, 2026
• CVE-2026-22744In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field...7.5Mar 27, 2026
• CVE-2026-22743Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore7.5Mar 27, 2026
• CVE-2026-22742Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching8.6Mar 27, 2026
• CVE-2026-22738SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution9.8Mar 27, 2026
• CVE-2026-22729CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter8.6Mar 18, 2026