Lucene search

11 matches found

vulnersOsv
added 2025/11/19 8:3 p.m. | 5 views

@ampt/astro (=0.0.1-beta.1), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +383 more potentially affected by CVE-2025-64765 +1 more via astro (>=0.20.12 <=5.15.6)

astro NPM version =0.20.12, =1.0.0, =0.5.0, =1.0.0, =0.0.17, =0.0.2, =0.0.1, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.5.1 - @astro-sanctuary/toolbar-drupal =0.1.1 - @astrojs/og =0.0.1 and more Source cves: CVE-2025-64765, CVE-2025-66202 Source advisory:...

CVSS 6.9 | AI score 5.4 | EPSS 0.0047 | Exploits 1

RedhatCVE
added 2025/11/14 8:59 p.m. | 4 views

CVE-2025-64745

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

CVSS 6.1 | AI score 6 | EPSS 0.00209 | Exploits 1 | References 1

NVD
added 2025/11/13 9:15 p.m. | 4 views

CVE-2025-64745

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

CVSS 6.1 | EPSS 0.00209 | Exploits 1 | References 4

Cvelist
added 2025/11/13 8:26 p.m. | 13 views

CVE-2025-64745 Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...

CVSS 2.7 | EPSS 0.00209 | Exploits 1 | References 4

Positive Technologies
added 2025/11/13 12:0 a.m. | 7 views

PT-2025-46907

Name of the Vulnerable Software and Affected Versions: Astro versions 5.2.0 through 5.15.6. Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro’s development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScrip...

CVSS 2.7 | AI score 5.7 | EPSS 0.00209 | Exploits 1 | References 10

CNNVD
added 2025/11/13 12:0 a.m. | 3 views

Astro Cross-Site Scripting Vulnerability

Astro is a web framework for content-driven websites in the Astro open source. A cross-site scripting vulnerability exists in Astro versions 5.2.0 through prior to 5.15.6, which stems from a reflective cross-site scripting vulnerability in the development server error page that could lead to the...

CVSS 6.1 | AI score 6 | EPSS 0.00209 | Exploits 1 | References 5

Mageia
added 2021/12/05 7:6 p.m. | 59 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.6 and fixes at least the following security issues: A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose handler could happen if removing device that is not common to remove video card physically without...

CVSS 4.7 | AI score 0.8 | EPSS 0.0052 | Exploits 1 | References 3

Cvelist
added 2021/08/12 12:0 a.m. | 22 views

CVE-2021-38593

Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath called from QRasterPaintEngine::fill and QPaintEngineEx::stroke...

AI score 7.7 | EPSS 0.0306 | Exploits 0 | References 10

CNVD
added 2018/09/11 12:0 a.m. | 1 views

Apache ActiveMQ Security Restriction Bypass Vulnerability

Apache ActiveMQ Client is an open-source messaging middleware client developed by the Apache Software Foundation (United States); it supports Java messaging services, clustering, the Spring Framework and so on. Apache ActiveMQ Client versions before 5.15.6 have a security...

CVSS 7.4 | AI score 7.3 | EPSS 0.0699 | Exploits 0 | References 1

Debian CVE
added 2012/01/13 6:0 p.m. | 30 views

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

CVSS 5.1 | AI score 6.2 | EPSS 0.02653 | Exploits 2

RedHat Linux
added 2011/11/03 8:38 p.m. | 8 views

Perl decode_xs heap-based buffer overflow

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow...

CVSS 5.1 | AI score 6.2 | EPSS 0.02653 | Exploits 2 | References 4