3 matches found

IBM Security Bulletins
added 2025/11/28 7:8 p.m., 7 views

Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)

Summary: Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details: CVEID: CVE-2025-11362. DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00063 | Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/11/28 7:7 p.m., 4 views

Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the jsondiffpatch package (CVE-2025-9910)

Summary: Jsondiffpatch is used by Astronomer with IBM as part of JSON processing functionality. Vulnerability Details: CVEID: CVE-2025-9910. DESCRIPTION: Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject...

CVSS: 4.7 | AI score: 6.5 | EPSS: 0.00061 | Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2025/08/11 1:43 p.m., 9 views

Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities (CVE-2008-5730, CVE-2015-5237, CVE-2018-12020, CVE-2019-13050, CVE-2019-14855, CVE-2019-1543, CVE-2020-25125, CVE-2021-3712, CVE-2022-31130, CVE-2023-0464, CVE-2022-1292)

Summary: Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details: CVEID: CVE-2008-5730. DESCRIPTION: Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified...

CVSS: 10 | AI score: 9 | EPSS: 0.38894 | Exploits: 9 | Affected Software: 1