Security: pydantic/pydantic-ai
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- VercelAIAdapter trusts client-controlled `providerMetadata` to construct `UploadedFile` — S3/GCS confused deputy via provider metadata injection
  GHSA-h7p7-w5gc-xj3w, published Jun 10, 2026 by dsfaccini. Severity: Moderate
- SSRF cloud-metadata blocklist bypass via additional IPv6 transition forms
  GHSA-cg7w-rg45-pc59, published May 23, 2026 by DouweM. Severity: Moderate
- SSRF cloud-metadata blocklist bypass via IPv6-encoded address forms
  GHSA-cqp8-fcvh-x7r3, published May 20, 2026 by DouweM. Severity: Moderate
- Stored XSS via Path Traversal in Web UI CDN URL
  GHSA-wjp5-868j-wqv7, published Feb 6, 2026 by DouweM. Severity: High
- Server-Side Request Forgery (SSRF) in URL Download Handling
  GHSA-2jrp-274c-jhv3, published Feb 6, 2026 by DouweM. Severity: High