mem0

vercel-ai-v2.0.6 scope: vercel-ai Security

This release includes 6 security fixes for security teams reviewing exposed deployments.

Published 2d AI Agents & Assistants

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 6 known CVEs

Topics

agents ai ai-agents application chatbots chatgpt

+7 more

genai llm long-term-memory memory memory-management python state-management

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 2d

The Vercel AI v2.0.6 release pins transitive dependencies to specific versions that remediate multiple high‑severity CVEs.

Why it matters: All listed CVEs have a severity score of 90 (high). Updating to vercel-ai-v2.0.6 patches these vulnerabilities immediately, eliminating exposure in any project using the affected dependencies.

Summary

AI summary

Pinned transitive dependencies to remediate high‑severity CVEs.

Changes in this release

Type	Severity	Summary	CVE
Security
Security	Critical	Pinned dependency glob to ^10.5.0 remedying CVE-2025-64756 Pinned dependency glob to ^10.5.0 remedying CVE-2025-64756 Source: llm_adapter@2026-06-01 Confidence: high	—
Security	Critical	Pinned dependency minimatch to ^3.1.3, ^5.1.8, ^9.0.7 remedying CVE-2026-27903, CVE-2026-27904, CVE-2026-26996 Pinned dependency minimatch to ^3.1.3, ^5.1.8, ^9.0.7 remedying CVE-2026-27903, CVE-2026-27904, CVE-2026-26996 Source: llm_adapter@2026-06-01 Confidence: high	—
Security	Critical	Pinned dependency picomatch to ^2.3.2 remedying CVE-2026-33671 Pinned dependency picomatch to ^2.3.2 remedying CVE-2026-33671 Source: llm_adapter@2026-06-01 Confidence: high	—
Security	Critical	Pinned dependency rollup to ^4.59.0 remedying CVE-2026-27606 Pinned dependency rollup to ^4.59.0 remedying CVE-2026-27606 Source: llm_adapter@2026-06-01 Confidence: high	—

Full changelog

Vercel AI SDK Provider (v2.4.6)

Security:

Dependencies: Pinned transitive dependencies via pnpm overrides to remediate high-severity CVEs: glob → ^10.5.0 (CVE-2025-64756), minimatch → ^3.1.3 / ^5.1.8 / ^9.0.7 (CVE-2026-27903, CVE-2026-27904, CVE-2026-26996), picomatch → ^2.3.2 (CVE-2026-33671), rollup → ^4.59.0 (CVE-2026-27606)

Security Fixes

glob → ^10.5.0 (CVE-2025-64756)
minimatch → ^3.1.3, ^5.1.8, ^9.0.7 (CVE-2026-27903, CVE-2026-27904, CVE-2026-26996)
picomatch → ^2.3.2 (CVE-2026-33671)
rollup → ^4.59.0 (CVE-2026-27606)
CVE-2026-27904
CVE-2026-26996

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track mem0

Get notified when new releases ship.

About mem0

Universal memory layer for AI Agents

All releases →

Related context

Related tools

Related CVEs

CVE-2025-64756 NVD KEV EPSS
CVE-2026-26996 NVD KEV EPSS
CVE-2026-27606 NVD KEV EPSS
CVE-2026-27903 NVD KEV EPSS
CVE-2026-27904 NVD KEV EPSS
CVE-2026-33671 NVD KEV EPSS