@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +23 more potentially affected by CVE-2026-25545 via astro (>=5.0.0-beta.5 <=5.17.2)

astro NPM version =5.0.0-beta.5, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.0.0, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.5.1, =1.13.2, =0.0.1, =0.0.2 and more Source cves: CVE-2026-25545 Source advisory: SNYK:JS-ASTRO-15338137...

@ayco/astro-resume (>=0.3.0 <=0.3.2), @ayco/cozy (>=0.2.5 <=0.3.1) +43 more potentially affected by CVE-2026-25545 via @astrojs/node (>=0.1.6 <=9.5.2)

@astrojs/node NPM version =0.1.6, =0.3.0, =0.2.5, =1.0.0, =2.0.0, =0.1.3, =0.40.5, =0.0.51, =0.0.51, =3.23.0, =0.7.0, =0.0.1, =0.2.3 and more Source cves: CVE-2026-25545 Source advisory: OSV:GHSA-QQ67-MVV5-FW3G...

CVE-2026-25545

creationtimestamp| type| source ---|---|--- 2026-02-23 13:07:51+00:00| published-proof-of-concept| https://github.com/withastro/astro/security/advisories/GHSA-qq67-mvv5-fw3g 2026-02-24 01:36:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfkzq2dznx2x 2026-02-24 02:24:32+00:00|...

PT-2026-21546

Name of the Vulnerable Software and Affected Versions Astro versions prior to 9.5.4 Description Astro, a web framework, is affected by a Server-Side Request Forgery SSRF issue in versions prior to 9.5.4. Server-Side Rendered pages returning an error with a prerendered custom error page such as...