Lucene search
K

4 matches found

CVE
CVE
added 2025/11/07 12:43 a.m.67 views

CVE-2025-48985

The CVE-2025-48985 vulnerability affects Vercel’s AI SDK, with fixes in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. The issue is an input-validation bypass that could allow bypassing filetype whitelists during file uploads. Connected sources confirm remediation via upgrading the AI SDK. Impact...

5.3CVSS6.5AI score0.00259EPSS
CVE
CVE
added 2026/05/17 11:0 p.m.58 views

CVE-2026-8769

CVE-2026-8769 affects vercel ai up to 3.0.97, specifically the provider-utils file response-handler.ts (functions createJsonResponseHandler and createJsonErrorResponseHandler). The issue enables resource consumption that can be triggered remotely; exploit publicly disclosed. Details on affected v...

6.5CVSS5.5AI score0.00561EPSS
CVE
CVE
added 2026/05/17 10:45 p.m.38 views

CVE-2026-8768

CVE-2026-8768 affects vercel ai up to 3.0.97, specifically the provider-utils component and its function validateDownloadUrl in packages/provider-utils/src/download-blob.ts. The vulnerability enables server-side request forgery (SSRF) and can be triggered remotely. The exploit has been made publi...

7.5CVSS6.7AI score0.00385EPSS
CVE
CVE
added 2026/05/17 10:30 p.m.26 views

CVE-2026-8767

CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...

7.5CVSS5.2AI score0.04261EPSS