Pinecone, Weaviate, and Milvus Security Issues in JavaScript and TypeScript Applications
Introduction
Vector databases such as Pinecone, Weaviate, and Milvus are critical components of AI applications. Their JavaScript and TypeScript clients allow developers to embed, query, and retrieve high-dimensional vectors. These integrations come with application security risks, particularly when vector stores are treated as trusted rather than adversarial environments.
Data Exfiltration via Query Abuse
In Pinecone and Weaviate, queries can retrieve vectors along with metadata. If applications expose search endpoints without authentication, attackers can exfiltrate embeddings that contain sensitive corporate documents. One red team assessment demonstrated how an attacker used a simple vector similarity query to leak contract data embedded in Pinecone.
Injection in Vector Metadata
Weaviate and Milvus allow developers to attach metadata to vectors. Applications that concatenate user input into metadata fields without sanitization are vulnerable to injection. In one incident, metadata crafted with malicious JSON led to server errors that revealed underlying database configuration.
Over-Privileged API Keys
API keys for vector databases are often given full cluster access. In a 2024 security review, Pinecone deployments were found exposing keys that allowed both read and write operations. An attacker who compromises the key can poison embeddings, insert malicious data, or delete critical indices.
MITRE ATT&CK Mapping
Conclusion
Vector databases extend the attack surface of AI applications. Without strict authentication, data exfiltration and poisoning are straightforward. Security teams must enforce access controls, sanitize metadata, and scope API keys to the minimum necessary permissions.
References
- Pinecone. (2024). Securing your Pinecone deployment. Pinecone Docs. https://docs.pinecone.io/docs/security
- Weaviate. (2024). Security considerations. Weaviate Documentation. https://weaviate.io/developers/weaviate
- MITRE ATT&CK®. (2024). ATT&CK Techniques. MITRE. https://attack.mitre.org/
More blogs
CVE-2025-55182: Remote Code Execution in React Server Components
On December 3, 2025, the React and Vercel teams disclosed CVE-2025-55182, a critical remote-code-execution (RCE) vulnerability (CVSS 10) affecting React Server Components (RSC) as used in the Flight protocol implementation.
Shai Hulud 2.0: What We Know About the Ongoing NPM Supply Chain Attack
A new wave of supply chain compromise is unfolding across the open-source ecosystem. Multiple security vendors, including Aikido Security and Wiz have confirmed that the threat actor behind the earlier Shai Hulud malware campaign has resurfaced. This time, compromising NPM accounts, GitHub repositories and widely-used packages associated with Zapier and the ENS (Ethereum Name Service).
Remediation That Meets Developers in Context
Identifying issues isn’t the challenge. The challenge is effective remediation that fits your codebase, your environment and your team’s development velocity. Developers need to understand where issues originated, which packages to upgrade, what code to change and how disruptive fixes will be. Meanwhile, AppSec needs visibility into what's immediately actionable and which issues require cross-team coordination.
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.
The State of the Application Security Workflow
This report aims to equip readers with actionable insights that can help future-proof their security programs. Kodem, the publisher of this report, purpose built a platform that bridges these gaps by unifying shift-left strategies with runtime monitoring and protection.
.png)
Get real-time insights across the full stack…code, containers, OS, and memory
Watch how Kodem’s runtime security platform detects and blocks attacks before they cause damage. No guesswork. Just precise, automated protection.
Stay up-to-date on Audit Nexus
A curated resource for the many updates to cybersecurity and AI risk regulations, frameworks, and standards.