VulnerableCode Package Details - pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.1.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.1.5

purl	pkg:maven/org.springframework.ai/spring-ai-pdf-document-reader@1.1.5

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-mwz6-erut-yfd3	In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)	CVE-2026-40980 GHSA-26gg-9gv2-v27j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:29:40.245154+00:00	GHSA Importer	Fixing	VCID-mwz6-erut-yfd3	https://github.com/advisories/GHSA-26gg-9gv2-v27j	38.6.0
2026-06-12T22:14:17.594732+00:00	GitLab Importer	Fixing	VCID-mwz6-erut-yfd3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework.ai/spring-ai-pdf-document-reader/CVE-2026-40980.yml	38.6.0
2026-06-12T07:46:51.921918+00:00	GithubOSV Importer	Fixing	VCID-mwz6-erut-yfd3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-26gg-9gv2-v27j/GHSA-26gg-9gv2-v27j.json	38.6.0