Maven package
org.springframework.ai/spring-ai-vector-store
pkg:maven/org.springframework.ai/spring-ai-vector-store
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40967 | Hig | 8.6 | | >= 1.0.0, < 1.0.6 | 1.0.6 | Apr 28, 2026 | In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions |
| CVE-2026-22738 | Cri | 9.8 | | >= 1.0.0, < 1.0.5 | 1.0.5 | Mar 27, 2026 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a f |
| CVE-2026-22729 | Hig | 8.6 | | >= 1.1.0-M1, < 1.1.3 | 1.1.3 | Mar 18, 2026 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath querie |