
13 matches found

Positive Technologies
added 2025/11/19 12:0 a.m. · 3 views

PT-2025-47490

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.15.9 Description: Astro, a web framework, has an issue when using the Cloudflare adapter @astrojs/cloudflare with output set to 'server'. The image optimization endpoint '/_image' includes a flaw in the isRemoteAllowed...

CVSS 6.1 · AI score 5.7 · EPSS 0.00033
Exploits: 1 · References: 9
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-3552

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 6.4 · EPSS 0.1078
Exploits: 1 · References: 8
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-3575

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.4 · EPSS 0.00196
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25029

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.3 · EPSS 0.00042
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-3078

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.4 · EPSS 0.0094
Exploits: 0 · References: 5
Positive Technologies
added 2025/08/15 12:0 a.m. · 3 views

PT-2025-33494 · Astro · Astro

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 9.4.1 Description: Astro is a web framework for content-driven websites. An open redirect vulnerability exists in certain Astro deployment scenarios. Specifically, when using the Node deployment adapter in standalone...

CVSS 6.9 · AI score 7.1 · EPSS 0.00042
Exploits: 0 · References: 8
Cvelist
added 2024/12/19 6:58 p.m. · 16 views

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

CVSS 7.8 · EPSS 0.1078
Exploits: 1 · References: 4
NVD
added 2024/12/18 9:15 p.m. · 13 views

CVE-2024-56140

Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...

CVSS 6.5 · EPSS 0.00196
Exploits: 0 · References: 4
OSV
added 2024/12/18 8:41 p.m. · 7 views

CVE-2024-56140 Bypass of CSRF Middleware in Astro

Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...

CVSS 5.9 · AI score 6.6 · EPSS 0.00196
Exploits: 0 · References: 6
Cvelist
added 2024/12/18 8:41 p.m. · 15 views

CVE-2024-56140 Bypass of CSRF Middleware in Astro

Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...

CVSS 5.9 · EPSS 0.00196
Exploits: 0 · References: 4
CVE
added 2024/12/18 8:41 p.m. · 49 views

CVE-2024-56140

CVE-2024-56140 affects the Astro CSRF-protection middleware. A semicolon-delimited parameter after the Content-Type (e.g., application/x-www-form-urlencoded; abc) causes the request to be treated as a simple request, bypassing preflight validation and CSRF checks when security.checkOrigin is true...

CVSS 6.5 · AI score 5.7 · EPSS 0.00196
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2024/10/14 7:15 p.m. · 14 views

CVE-2024-47885

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements, i.e., iframe tag...

CVSS 5.9 · EPSS 0.0094
Exploits: 0 · References: 3
Vulnrichment
added 2024/10/14 7:6 p.m. · 14 views

CVE-2024-47885 astro's client-side router has DOM Clobbering Gadget that leads to XSS

The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements, i.e., iframe tag...

CVSS 5.9 · AI score 5.5 · EPSS 0.0094
Exploits: 0 · References: 3