Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.springframework.ai/spring-ai-client-chat@1.0.2
purl pkg:maven/org.springframework.ai/spring-ai-client-chat@1.0.2
Next non-vulnerable version 1.0.7
Latest non-vulnerable version 2.0.0-M6
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-9jh9-s213-jbeu
Aliases:
CVE-2026-41712
GHSA-q62f-h9x2-gcqc
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
1.0.7
Affected by 0 other vulnerabilities.
1.1.6
Affected by 0 other vulnerabilities.
2.0.0-M6
Affected by 0 other vulnerabilities.
VCID-eg2m-qj98-rbdr
Aliases:
CVE-2026-41713
GHSA-5852-phmh-8fhr
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.
1.0.7
Affected by 0 other vulnerabilities.
1.1.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T22:29:12.934764+00:00 GitLab Importer Affected by VCID-9jh9-s213-jbeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.ai/spring-ai-client-chat/CVE-2026-41712.yml 38.6.0
2026-06-12T22:28:09.373294+00:00 GitLab Importer Affected by VCID-eg2m-qj98-rbdr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.ai/spring-ai-client-chat/CVE-2026-41713.yml 38.6.0