VYPR

AI

by Vercel

Source repositories

CVEs (4)

  • CVE-2026-8768HigMay 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results in server-side request forgery. The attack can be…

  • CVE-2026-8767MedMay 17, 2026
    risk 0.33cvss 5.0epss 0.04

    A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The…

  • CVE-2026-8769MedMay 17, 2026
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource…

  • CVE-2025-57203Sep 22, 2025
    risk 0.00cvss epss 0.00

    MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream…