PT-2026-49553
Name of the Vulnerable Software and Affected Versions: Starlette versions 1.0.1 and earlier. Description: In the HTTPEndpoint component, the handler is selected by lowercasing the HTTP method and looking it up as an attribute using getattr without restricting the lookup to a known set of HTTP verbs...
@1771technologies/lytenyte-doc (=1.0.13), @1771technologies/oneplay (>=0.0.1 <=0.0.6) +554 more potentially affected by CVE-2026-33769 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.5)
@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =0.5.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.0.10 and more Source cves: CVE-2026-33769 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-15763364...
@astrojs/cloudflare (>=13.0.0-beta.4 <=13.0.0-beta.14), @astrojs/markdoc (>=1.0.0-beta.7 <=1.0.0-beta.15) +8 more potentially affected by CVE-2026-33769 via @astrojs/internal-helpers (>=0.8.0-beta.0 <=0.8.0-beta.3)
@astrojs/internal-helpers NPM version =0.8.0-beta.0, =13.0.0-beta.4, =1.0.0-beta.7, =7.0.0-beta.4, =5.0.0-beta.4, =7.0.0-beta.6, =10.0.0-beta.1, =10.0.0-beta.1, =6.0.0-beta.7, =6.0.0-beta.20 Source cves: CVE-2026-33769 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-15763364...
n8n security vulnerability
n8n is an open-source, scalable workflow automation tool. Versions prior to n8n 2.0.0 contain a security vulnerability that stems from the Code node being able to call internal helper functions, which could result in reading or writing to the host file system...
Cross-site Scripting (XSS)
Overview: @astrojs/internal-helpers is a package of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the isRemoteAllowed function. An attacker can execute arbitrary JavaScript in the victim's browser by submitting a crafted SVG...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @a1st/aix (>=0.0.3 <=0.5.1) +547 more potentially affected by CVE-2025-65019 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.4)
@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =0.5.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.0.10 - @astro-component/button =0.0.1 and more Source cves: CVE-2025-65019 Source advisory:...
Relative Path Traversal
Overview: @astrojs/internal-helpers is a package of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Relative Path Traversal via the href parameter in the image optimization endpoint during development mode. An attacker can access arbitrary local image files...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @a1st/aix (>=0.0.3 <=0.5.1) +534 more potentially affected by CVE-2025-64757 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.3)
@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.10.1 and more Source cves: CVE-2025-64757 Source advisory:...
Server-side Request Forgery (SSRF)
Overview: @astrojs/internal-helpers is a package of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /image endpoint. An attacker can access internal or unauthorized resources by submitting crafted URLs to the generate...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @a1st/aix (>=0.0.3 <=0.5.1) +533 more potentially affected by CVE-2025-58179 +1 more via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.2)
@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.10.1 and more Source cves: CVE-2025-58179, CVE-2025-59837 Source advisory:...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @a1st/aix (>=0.0.3 <=0.5.1) +531 more potentially affected by CVE-2025-55303 via @astrojs/internal-helpers (>=0.0.0-markdoc-config-changes-20230626153541 <=0.7.1)
@astrojs/internal-helpers NPM version =0.0.0-markdoc-config-changes-20230626153541, =0.0.1, =0.0.3, =0.2.0, =1.3.0, =0.9.0, =0.5.2, =1.0.0, =1.0.0, =1.0.0, =0.0.17, =0.0.2, =0.2.0, =0.0.0-experimental-7c2f356, =0.10.1 and more Source cves: CVE-2025-55303 Source advisory:...
Cross-site Scripting (XSS)
Overview: @astrojs/internal-helpers is a package of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /image endpoint. An attacker can cause loading of unauthorized third-party images, including potentially malicious SVG files,...
@1771technologies/oneplay (>=0.0.1 <=0.0.6), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +44 more potentially affected by CVE-2025-54793 via @astrojs/internal-helpers (>=0.6.1 <=0.7.0)
@astrojs/internal-helpers NPM version =0.6.1, =0.0.1, =1.0.0, =12.2.4, =0.12.11, =6.2.1, =4.1.1, =6.2.3, =9.1.3, =8.1.2, =0.1.0, =0.1.0, =1.0.5, =1.25.426, =0.0.9, =1.3.0, =1.3.4 and more Source cves: CVE-2025-54793 Source advisory: SNYK:JS-ASTROJSINTERNALHELPERS-11508621...
Open Redirect
Overview: @astrojs/internal-helpers is a package of internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Open Redirect via the trailing slash redirection logic when handling URLs with double slashes in the path. An attacker can redirect users to arbitrary external...
GSD-2022-1004153 drm/aperture: Run fbdev removal before internal helpers
drm/aperture: Run fbdev removal before internal helpers This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.13 by commit...