VYPR

npm package

agents

pkg:npm/agents

Vulnerabilities (2)

  • CVE-2026-1721MedFeb 13, 2026
    affected < 0.3.10fixed 0.3.10

    Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary J

  • CVE-2026-1664MedFeb 3, 2026
    affected < 0.3.7fixed 0.3.7

    Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without p