Lucene search
K

261 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 7:1 a.m.18 views

Malicious code in ranno (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1366783d9cb87471f1b5cfeb806508ee83b2a58ded724f8ea45d8391f4f68bc The package's advertised API ex calls gn in ranno/gn.py, which POSTs the caller's prompt — and, when a data= argument is supplied, the absolute file...

6.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:32 p.m.12 views

Malicious code in edison-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/25 10:32 p.m.29 views

MAL-2026-4747 Malicious code in edison-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c151a181047e12f1de0e91b1923861446b04558028d518e30df1767ccc85def7 At pip install time, setup.py reads the EDISONQUERY environment variable from the installer's environment and POSTs it to...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/22 11:16 a.m.13 views

MAL-2026-4533 Malicious code in codebuff-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...

5.9AI score
Exploits0References26
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:48 a.m.14 views

Malicious code in @euqns/nudge-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b1e494fee8148b95f98e5de04cc4ecd78ed793ff2d019ae672e2b22d2debc3b The package ships dist/setup.js which performs HTTP POST requests at install time to a hardcoded external endpoint at...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 12:54 a.m.12 views

Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score
Exploits0References11
OSV
OSV
added 2026/05/20 12:54 a.m.10 views

MAL-2026-4579 Malicious code in hpsetup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16ed0c34d69e1ea3c5052e3eed20b87fc47e8d4bf1393f7117d34b847347e12c When npx hpsetup runs, the tool fetches a tarball from https://hpsetup-cdn.932324.xyz/api/tarball//?key= and extracts it directly into...

6.3AI score
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/05/19 1:58 a.m.10 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.5AI score0.00561EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 12:31 a.m.7 views

GHSA-866G-F22W-33X8 @ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/18 12:31 a.m.14 views

EUVD-2026-30713

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS5.4AI score0.00385EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/18 12:31 a.m.30 views

EUVD-2026-30712

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.13 views

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.4AI score0.00561EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/05/17 11:17 p.m.27 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS0.00561EPSS
Exploits1References4
NVD
NVD
added 2026/05/17 11:17 p.m.24 views

CVE-2026-8767

A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...

7.5CVSS0.04261EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/17 11:0 p.m.11 views

CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References4
CVE
CVE
added 2026/05/17 11:0 p.m.55 views

CVE-2026-8769

CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...

6.5CVSS5.5AI score0.00561EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/17 11:0 p.m.26 views

CVE-2026-8769

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS5.5AI score0.00561EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/17 11:0 p.m.68 views

CVE-2026-8769 vercel ai provider-utils response-handler.ts createJsonErrorResponseHandler resource consumption

A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

5.3CVSS0.00561EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 10:45 p.m.12 views

CVE-2026-8768

A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.00385EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/05/17 10:45 p.m.34 views

CVE-2026-8768

CVE-2026-8768 affects vercel ai up to 3.0.97, specifically the provider-utils component and its function validateDownloadUrl in packages/provider-utils/src/download-blob.ts. The vulnerability enables server-side request forgery (SSRF) and can be triggered remotely. The exploit has been made publi...

7.5CVSS6.7AI score0.00385EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder