Known Vulnerabilities for Spring AI by Spring
Listed below are 7 of the newest known vulnerabilities associated with "Spring AI" by "Spring".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-22744 | In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for ... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2026-22743 | Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When ... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2026-22742 | Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel... | Not Provided | 2026-03-27 | 2026-03-27 |
| CVE-2026-22738 | In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter exp... | Not Provided | 2026-03-27 | 2026-03-28 |
| CVE-2026-22730 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-ba... | Not Provided | 2026-03-18 | 2026-03-19 |
| CVE-2026-22729 | A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass meta... | Not Provided | 2026-03-18 | 2026-03-18 |
| CVE-2025-26553 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order A... | Not Provided | 2025-03-15 | 2026-04-01 |