VYPR

Maven package

org.springframework.ai/spring-ai-neo4j-store

pkg:maven/org.springframework.ai/spring-ai-neo4j-store

Vulnerabilities (1)

  • CVE-2026-22743HigMar 27, 2026
    affected >= 1.0.0-M5, < 1.0.5fixed 1.0.5

    Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey() embeds the key into a