Package impact
npm / @astrojs/node
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41322 | unknown | — | — | 1mo ago | Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed | |||
| CVE-2026-29772 | unknown | — | — | 2mo ago | Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands | |||
| CVE-2026-27729 | unknown | — | — | 3mo ago | Astro has memory exhaustion DoS due to missing request body size limit in Server Actions | |||
| CVE-2026-27829 | unknown | — | — | 3mo ago | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | |||
| CVE-2026-25545 | unknown | — | — | 3mo ago | Astro has Full-Read SSRF in error rendering via Host: header injection | |||
| CVE-2025-55303 | unknown | — | — | 9mo ago | Astro allows unauthorized third-party images in _image endpoint | |||
| CVE-2025-55207 | unknown | — | — | 10mo ago | @astrojs/node's trailing slash handling causes open redirect issue |