Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Spring AI — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Spring AI, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability data for Spring AI, a popular open-source framework that simplifies the integration of large language models into Java applications. The collected entries primarily cover common weaknesses such as improper input validation, exposure of sensitive information, and insecure default configurations that may arise from improper implementation or third-party dependency usage within the ecosystem. This resource encompasses vulnerability records reported from January 2023 through the present, providing a comprehensive historical view of security issues identified in the product. By utilizing this aggregation, security professionals and developers can track vendor advisories and patches released by the Spring team to mitigate emerging risks. Users can also gain a deeper understanding of specific weakness classes affecting the framework, analyzing trends in bug reporting and resolution efficiency. Furthermore, the page serves as a reference for looking up a product’s vulnerability history, allowing teams to assess their exposure based on known CVEs and historical attack patterns. This consolidated view helps organizations prioritize remediation efforts by highlighting the most critical and frequently exploited issues. The data is sourced from official advisories, public databases, and community disclosures to ensure accuracy and completeness. Maintaining an up-to-date awareness of these security events is essential for protecting applications that rely on Spring AI for generative AI functionality. This page does not provide technical remediation details but offers a structured overview for risk assessment and compliance auditing purposes.

Vendor: VMware

CVE IDTitleCVSSSeverityPublished
CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores CWE-943 8.6 High2026-06-15
CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API CWE-22 6.5 Medium2026-05-25
CVE-2026-41713 Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor CWE-1336 8.2 High2026-05-12
CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage 7.5 High2026-05-12
CVE-2026-41705 VMware Spring AI 安全漏洞 CWE-917 8.6 High2026-05-09
CVE-2026-40980 VMware Spring AI 资源管理错误漏洞 CWE-400 6.5 Medium2026-04-28
CVE-2026-40979 VMware Spring AI 安全漏洞 CWE-377 6.1 Medium2026-04-28
CVE-2026-40978 VMware Spring AI SQL注入漏洞 CWE-89 8.8 High2026-04-28
CVE-2026-40966 VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration CWE-284 5.9 Medium2026-04-28
CVE-2026-40967 VMware Spring AI 代码注入漏洞 CWE-94 8.6 High2026-04-28
CVE-2026-22744 VMware Spring AI 安全漏洞 7.5 High2026-03-27
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore 7.5 High2026-03-27
CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching 8.6 High2026-03-27
CVE-2026-22738 SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution 9.8 Critical2026-03-27
CVE-2026-22729 CVE-2026-22729: JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter 8.6 High2026-03-18
CVE-2026-22730 CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter 8.8 High2026-03-18

All 16 known CVE vulnerabilities affecting Spring AI with full Chinese analysis, references, and POCs where available.