Package impact

npm / astro

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-45028 | medium | 6.1 | 6.1 | | | | 16d ago | Astro: Server island encrypted parameters vulnerable to cross-component replay |
| CVE-2026-41067 | unknown | | | | | | 1mo ago | Astro: XSS in define:vars via incomplete `</script>` tag sanitization |
| CVE-2026-33769 | unknown | | | | | | 2mo ago | Astro: Remote allowlist bypass via unanchored matchPathname wildcard |
| CVE-2025-66202 | unknown | | | | | | 6mo ago | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765 |
| CVE-2025-65019 | unknown | | | | | | 6mo ago | Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint |
| CVE-2025-64765 | unknown | | | | | | 6mo ago | Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values |
| CVE-2025-64764 | unknown | | | | | | 6mo ago | Astro vulnerable to reflected XSS via the server islands feature |
| CVE-2025-64757 | unknown | | | | | | 6mo ago | Astro Development Server has Arbitrary Local File Read |
| CVE-2025-64525 | unknown | | | | | | 7mo ago | Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass |
| CVE-2025-64745 | unknown | | | | | | 7mo ago | Astro development server error page is vulnerable to reflected Cross-site Scripting |
| CVE-2025-59837 | unknown | | | | | | 7mo ago | Astro's bypass of image proxy domain validation leads to SSRF and potential XSS |
| CVE-2025-61925 | unknown | | | | | | 8mo ago | Astro's `X-Forwarded-Host` is reflected without validation |
| CVE-2025-55303 | unknown | | | | | | 9mo ago | Astro allows unauthorized third-party images in _image endpoint |
| CVE-2025-54793 | unknown | | | | | | 10mo ago | Astro's duplicate trailing slash feature leads to an open redirection security issue |
| CVE-2024-56159 | unknown | | | | | | 2y ago | Astro's server source code is exposed to the public if sourcemaps are enabled |
| CVE-2024-56140 | unknown | | | | | | 2y ago | Astro CSRF Middleware Bypass (security.checkOrigin) |
| CVE-2024-47885 | unknown | | | | | | 2y ago | DOM Clobbering Gadget found in Astro's client-side router that leads to XSS |