VYPR

PyPI package

google-cloud-aiplatform

pkg:pypi/google-cloud-aiplatform

Vulnerabilities (2)

  • CVE-2026-2473HigFeb 20, 2026
    affected >= 1.21.0, < 1.133.0fixed 1.133.0

    Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to (but not including) 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-

  • CVE-2026-2472HigFeb 20, 2026
    affected >= 1.98.0, < 1.131.0fixed 1.131.0

    Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Ju