Security
Headlines

Headlines Latest CVEs

Headline

GHSA-rwvc-j5jr-mgvh: Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files

A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.

17 hours ago

#vulnerability #git #intel

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewDiscover and integrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-48985

Vercel’s AI SDK’s filetype whitelists can be bypassed when uploading files

Low severity GitHub Reviewed Published Nov 7, 2025 to the GitHub Advisory Database • Updated Nov 7, 2025

Package

Affected versions

< 5.0.52

>= 5.1.0-beta.0, < 5.1.0-beta.9

Patched versions

5.0.52

5.1.0-beta.9

Description

Published to the GitHub Advisory Database

Nov 7, 2025

EPSS score

ghsa: Latest News

GHSA-46xp-26xh-hpqh: KubeVirt Vulnerable to Arbitrary Host File Read and Write

1 hour ago

GHSA-cm35-v4vp-5xvx: Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

2 hours ago

GHSA-w7xj-8fx7-wfch: Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

5 hours ago

GHSA-rwvc-j5jr-mgvh: Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files

17 hours ago

GHSA-xmq3-q5pm-rp26: Nuxt DevTools vulnerable to cross-site scripting (XSS)

17 hours ago