@astrojs/cloudflare (>=13.0.0-beta.4 <=13.0.0-beta.14), @astrojs/markdoc (>=1.0.0-beta.7 <=1.0.0-beta.15) +8 more potentially affected by CVE-2026-33769 via @astrojs/internal-helpers (>=0.8.0-beta.0 <=0.8.0-beta.3)

@astrojs/internal-helpers NPM version =0.8.0-beta.0, =13.0.0-beta.4, =1.0.0-beta.7, =7.0.0-beta.4, =5.0.0-beta.4, =7.0.0-beta.6, =10.0.0-beta.1, =10.0.0-beta.1, =6.0.0-beta.7, =6.0.0-beta.20 Source cves: CVE-2026-33769 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-15763364...

@1771technologies/lytenyte-doc (=1.0.13), @1771technologies/oneplay (>=0.0.1 <=0.0.6) +416 more potentially affected by CVE-2026-33769 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.5)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =1.0.0, =0.5.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.5.1 - @astro-sanctuary/toolbar-drupal =0.1.1 and more Source cves: CVE-2026-33769 Sourc...

n8n 安全漏洞

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in versions prior to n8n 2.0.0 that stems from Code node being able to call internal helper functions that could result in reading or writing to the host file system...

Cross-site Scripting (XSS)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the isRemoteAllowed function. An attacker can execute arbitrary JavaScript in the victim's browser by submitting a crafted SVG...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +408 more potentially affected by CVE-2025-65019 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.4)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =1.0.0, =0.5.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.0.0-ast-20240419160649, =13.0.0-alpha.0 and more Source cves: CVE-2025-65019 Source...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +394 more potentially affected by CVE-2025-64757 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.3)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.0.0-ast-20240419160649, =0.0.0-10745-20240410180016, =6.2.0, =6.3.7 and more Source cves:...

Relative Path Traversal

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files...

Server-side Request Forgery (SSRF)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /image endpoint. An attacker can access internal or unauthorized resources by submitting crafted URLs to the generate...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +393 more potentially affected by CVE-2025-58179 +1 more via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.2)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.0.0-ast-20240419160649, =0.0.0-10745-20240410180016, =6.2.0, =6.3.6 and more Source cves:...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +391 more potentially affected by CVE-2025-55303 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.1)

@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.0.0-ast-20240419160649, =0.0.0-10745-20240410180016, =6.2.0, =6.3.5 and more Source cves:...

Cross-site Scripting (XSS)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /image endpoint. An attacker can cause loading of unauthorized third-party images, including potentially malicious SVG files,...

Open Redirect

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Open Redirect the trailing slash redirection logic when handling URLs with double slashes in the path. An attacker can redirect users to arbitrary external...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +44 more potentially affected by CVE-2025-54793 via @astrojs/internal-helpers (>=0.6.1 <=0.7.0)

@astrojs/internal-helpers NPM version =0.6.1, =0.0.1, =1.0.0, =12.2.4, =0.12.11, =6.2.1, =4.1.1, =6.2.3, =9.1.3, =8.1.2, =0.1.0, =0.1.0, =1.0.5, =1.25.426, =0.0.9, =1.3.0, =1.3.4 and more Source cves: CVE-2025-54793 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-11508621...

GSD-2022-1004153 drm/aperture: Run fbdev removal before internal helpers

drm/aperture: Run fbdev removal before internal helpers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.13 by commit...