
mem0

cli-node-v0.2.8 (scope: cli-node, Security)

This release includes 13 security fixes for security teams reviewing exposed deployments.

This release patches 13 known CVEs

Topics

agents ai ai-agents application chatbots chatgpt genai llm long-term-memory memory memory-management python state-management

Affected surfaces

deps

ReleasePort's take

Moderate signal

Release cli-node v0.2.8 pins multiple transitive dependencies to specific versions that remediate high‑severity CVEs.

Why it matters: All listed packages are upgraded to fixed versions (e.g., jws → 4.0.1, langsmith → ^0.6.0), eliminating the listed CVEs; adopt the release immediately.

Summary

AI summary

Remediated high‑severity CVEs by pinning transitive dependencies

Changes in this release

Security Critical

Pinned dependency jws to 4.0.1 fixing CVE-2025-65945

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency langsmith to ^0.6.0 fixing CVE-2026-45134

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency tar-fs to ^2.1.4 fixing CVE-2025-48387 and CVE-2025-59343

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency picomatch to ^2.3.2 fixing CVE-2026-33671

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency minimatch to ^3.1.3, ^5.1.8, and ^9.0.7 fixing CVE-2026-27903, CVE-2026-27904, and CVE-2026-26996

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency path-to-regexp to ^8.4.0 fixing CVE-2026-4926

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency rollup to ^4.59.0 fixing CVE-2026-27606

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency glob to ^10.5.0 fixing CVE-2025-64756

Source: llm_adapter@2026-06-01

Confidence: high

Security Critical

Pinned dependency @modelcontextprotocol/sdk to ^1.25.4 fixing CVE-2025-66414 and CVE-2026-0621

Source: llm_adapter@2026-06-01

Confidence: high

Full changelog

Mem0 Node CLI (v0.2.8)

Security:

  • Dependencies: Pinned transitive dependencies via pnpm overrides to remediate high-severity CVEs: jws → 4.0.1 (CVE-2025-65945), langsmith → ^0.6.0 (CVE-2026-45134), tar-fs → ^2.1.4 (CVE-2025-48387, CVE-2025-59343), picomatch → ^2.3.2 (CVE-2026-33671), minimatch → ^3.1.3 / ^5.1.8 / ^9.0.7 (CVE-2026-27903, CVE-2026-27904, CVE-2026-26996), path-to-regexp → ^8.4.0 (CVE-2026-4926), rollup → ^4.59.0 (CVE-2026-27606), glob → ^10.5.0 (CVE-2025-64756), @modelcontextprotocol/sdk → ^1.25.4 (CVE-2025-66414, CVE-2026-0621)

Security Fixes

  • dep: jws → 4.0.1 (CVE-2025-65945)
  • dep: langsmith → ^0.6.0 (CVE-2026-45134)
  • dep: tar-fs → ^2.1.4 (CVE-2025-48387, CVE-2025-59343)
  • dep: picomatch → ^2.3.2 (CVE-2026-33671)
  • dep: minimatch → ^3.1.3 / ^5.1.8 / ^9.0.7 (CVE-2026-27903, CVE-2026-27904, CVE-2026-26996)
  • dep: path-to-regexp → ^8.4.0 (CVE-2026-4926)
  • dep: rollup → ^4.59.0 (CVE-2026-27606)
  • dep: glob → ^10.5.0 (CVE-2025-64756)
  • dep: @modelcontextprotocol/sdk → ^1.25.4 (CVE-2025-66414, CVE-2026-0621)


About mem0

Universal memory layer for AI Agents
