261 matches found
Malicious code in ranno (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1366783d9cb87471f1b5cfeb806508ee83b2a58ded724f8ea45d8391f4f68bc The package's advertised API ex calls gn in ranno/gn.py, which POSTs the caller's prompt — and, when a data= argument is supplied, the absolute file...
Malicious code in edison-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...
MAL-2026-4747 Malicious code in edison-tools (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...
MAL-2026-4533 Malicious code in codebuff-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...
Malicious code in @euqns/nudge-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...
Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
MAL-2026-4579 Malicious code in hpsetup (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...
CVE-2026-8769
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
GHSA-866G-F22W-33X8 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
EUVD-2026-30713
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
EUVD-2026-30712
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue
A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8769
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8767
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8769
CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...
CVE-2026-8769
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...
CVE-2026-8768
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...
CVE-2026-8768
CVE-2026-8768 affects vercel ai up to 3.0.97, specifically the provider-utils component and its function validateDownloadUrl in packages/provider-utils/src/download-blob.ts. The vulnerability enables server-side request forgery (SSRF) and can be triggered remotely. The exploit has been made publi...