Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:43 p.m.7 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS4.9AI score0.00307EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:24 p.m.7 views

CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.5AI score0.00057EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/05/19 1:58 a.m.7 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.5AI score0.00017EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/18 12:31 a.m.11 views

EUVD-2026-30713

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS5.4AI score0.00057EPSS
Exploits1References7
EUVD
EUVDadded 2026/05/18 12:31 a.m.21 views

EUVD-2026-30712

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00017EPSS
Exploits1References5
OSV
OSVadded 2026/05/18 12:31 a.m.4 views

GHSA-866G-F22W-33X8 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00017EPSS
Exploits1References6
Github Security Blog
Github Security Blogadded 2026/05/18 12:31 a.m.8 views

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.4AI score0.00017EPSS
Exploits1References6Affected Software1
NVD
NVDadded 2026/05/17 11:17 p.m.19 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS0.00017EPSS
Exploits1References4
NVD
NVDadded 2026/05/17 11:17 p.m.13 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS0.00307EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/05/17 11:0 p.m.55 views

CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS0.00017EPSS
Exploits1References4
CVE
CVEadded 2026/05/17 11:0 p.m.24 views

CVE-2026-8769

CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...

6.5CVSS5.5AI score0.00017EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/17 11:0 p.m.9 views

CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00017EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/17 11:0 p.m.12 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00017EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/17 10:45 p.m.7 views

CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.00057EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/17 10:45 p.m.6 views

CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.00057EPSS
Exploits1References6
Cvelist
Cvelistadded 2026/05/17 10:45 p.m.41 views

CVE-2026-8768 vercel ai provider-utils download-blob.ts validateDownloadUrl server-side request forgery

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS0.00057EPSS
Exploits1References6
CVE
CVEadded 2026/05/17 10:30 p.m.15 views

CVE-2026-8767

CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...

7.5CVSS5.2AI score0.00307EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/17 10:30 p.m.5 views

CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

5CVSS5.2AI score0.00307EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.8 views

PT-2026-41570

Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description An OS command injection issue exists in the PR Branch Name Interpolation component. The flaw is located within the run function of the .github/workflows/prettier-on-automerge.yml file. This allows...

5CVSS6.2AI score0.00307EPSS
Exploits1References8
Positive Technologies
Positive Technologiesadded 2026/05/17 12:0 a.m.7 views

PT-2026-41587

Name of the Vulnerable Software and Affected Versions vercel ai versions prior to 3.0.98 Description A server-side request forgery SSRF issue exists in the provider-utils component. The flaw is located in the validateDownloadUrl function within the packages/provider-utils/src/download-blob.ts fil...

7.5CVSS7.2AI score0.00057EPSS
Exploits1References11
Rows per page
Query Builder