astro

Top products

The 15 most recently published vulnerabilities affecting astro.

• CVE-2026-54298Astro: XSS via Unescaped Attribute Names in Spread Props4.2Jun 22, 2026
• CVE-2026-50146Astro: Reflected XSS via unescaped slot name7.1Jun 22, 2026
• CVE-2026-45028Astro: Server island encrypted parameters vulnerable to cross-component replay6.1May 13, 2026
• CVE-2026-41067Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass6.1Apr 24, 2026
• CVE-2026-33769Astro: Remote allowlist bypass via unanchored matchPathname wildcard5.3Mar 24, 2026
• CVE-2026-33768Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`6.5Mar 24, 2026
• CVE-2026-29772Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands5.9Mar 24, 2026
• CVE-2026-27729Astro has memory exhaustion DoS due to missing request body size limit in Server Actions5.9Feb 24, 2026
• CVE-2026-25545Astro has Full-Read SSRF in error rendering via Host: header injection8.6Feb 24, 2026
• CVE-2025-66202Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-647656.5Dec 8, 2025
• CVE-2025-64765Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values5.3Nov 19, 2025
• CVE-2025-64764Astro is vulnerable to Reflected XSS via the server islands feature7.1Nov 19, 2025
• CVE-2025-65019Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint5.4Nov 19, 2025
• CVE-2025-64757Astro Development Server is Vulnerable to Arbitrary Local File Read3.5Nov 19, 2025
• CVE-2025-64745Astro development server error page vulnerable to reflected Cross-site Scripting2.7Nov 13, 2025