
withastro — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting withastro. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by withastro: astro, @astrojs/cloudflare
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41322 | @astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed | astro | CWE-525 | 5.3 | Medium | 2026-04-24 |
| CVE-2026-41321 | @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint | @astrojs/cloudflare | CWE-918 | 2.2 | Low | 2026-04-24 |
| CVE-2026-41067 | Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass | astro | CWE-79 | 6.1 | Medium | 2026-04-24 |
| CVE-2026-33769 | Astro: Remote allowlist bypass via unanchored matchPathname wildcard | astro | CWE-20 | 9.1 | - | 2026-03-24 |
| CVE-2026-33768 | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path` | astro | CWE-441 | 6.5 | Medium | 2026-03-24 |
| CVE-2026-29772 | Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands | astro | CWE-770 | 5.9 | Medium | 2026-03-24 |
| CVE-2026-27829 | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | astro | CWE-918 | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27729 | Astro has memory exhaustion DoS due to missing request body size limit in Server Actions | astro | CWE-770 | 5.9 | Medium | 2026-02-24 |
| CVE-2026-25545 | Astro has Full-Read SSRF in error rendering via Host: header injection | astro | CWE-918 | 9.1 | - | 2026-02-24 |
| CVE-2025-66202 | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 | astro | CWE-647 | 6.5 | Medium | 2025-12-08 |
| CVE-2025-64765 | Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values | astro | CWE-22 | 8.2 (AI) | High (AI) | 2025-11-19 |
| CVE-2025-64764 | Astro is vulnerable to Reflected XSS via the server islands feature | astro | CWE-80 | 7.1 | High | 2025-11-19 |
| CVE-2025-65019 | Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint | astro | CWE-79 | 5.4 | Medium | 2025-11-19 |
| CVE-2025-64757 | Astro Development Server is Vulnerable to Arbitrary Local File Read | astro | CWE-22 | 3.5 | Low | 2025-11-19 |
| CVE-2025-64745 | Astro development server error page vulnerable to reflected Cross-site Scripting | astro | CWE-79 | 2.7 | Low | 2025-11-13 |
| CVE-2025-64525 | Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass | astro | CWE-918 | 6.5 | Medium | 2025-11-13 |
| CVE-2025-59837 | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS | astro | CWE-918 | 7.2 | High | 2025-10-28 |
| CVE-2025-61925 | Astro's `X-Forwarded-Host` is reflected with no validation | astro | CWE-470 | 6.5 | Medium | 2025-10-10 |
| CVE-2025-58179 | Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint | astro | CWE-918 | 7.2 | High | 2025-09-04 |
| CVE-2025-55303 | Unauthorized third-party images in Astro's _image endpoint | astro | CWE-79 | 7.2 (AI) | High (AI) | 2025-08-19 |
| CVE-2025-55207 | @astrojs/node's trailing slash handling causes open redirect issue | astro | CWE-601 | 6.1 (AI) | Medium (AI) | 2025-08-15 |
| CVE-2025-54793 | Astro: Duplicate trailing slash feature can lead to Open Redirects | astro | CWE-601 | 6.1 | - | 2025-08-08 |
| CVE-2024-56159 | Server source code is exposed to the public if sourcemaps are enabled | astro | CWE-219 | 7.5 | - | 2024-12-19 |
| CVE-2024-56140 | Bypass of CSRF Middleware in Astro | astro | CWE-352 | 5.9 | Medium | 2024-12-18 |
| CVE-2024-47885 | astro's client-side router has DOM Clobbering Gadget that leads to XSS | astro | CWE-79 | 5.9 | Medium | 2024-10-14 |

"(AI)" marks a CVSS score or severity that the page itself flags with an AI label; "-" means no severity was listed.

This page lists every published CVE security advisory associated with withastro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.