660 matches found
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addAttribute function, which interpolates unescaped object keys as HTML attribute names when spreadi...
NPM: Astro: Host header SSRF in prerendered error page fetch
NPM: Astro: Host header SSRF in prerendered error page fetch vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
Astro: Host header SSRF in prerendered error page fetch
Summary Astro SSR apps with prerendered error pages /404 or /500 using export const prerender = true fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header i...
Server-side Request Forgery (SSRF)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the prerenderedErrorPageFetch. An attacker can access sensitive information or interact with...
NPM: Astro: Reflected XSS via unescaped slot name
NPM: Astro: Reflected XSS via unescaped slot name vulnerability discovered by ? in WordPress Npm astro versions 6.3.3...
Astro: Reflected XSS via unescaped slot name
Summary When a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR. This is similar...
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-astro-template attribute when a component uses a client: directive and the slot name is not...
PT-2026-49731
Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...
PT-2026-49741
Name of the Vulnerable Software and Affected Versions @astrojs/netlify versions prior to 7.0.13 Description The adapter converts image.remotePatterns into Netlify Image CDN images.remote images regular expressions using semantics broader than the canonical matcher. This occurs because a single...
CVE-2026-54298
creationtimestamp| type| source ---|---|--- 2026-06-12 16:48:25+00:00| published-proof-of-concept| https://github.com/withastro/astro/security/advisories/GHSA-jrpj-wcv7-9fh9...
CVE-2026-50146
creationtimestamp| type| source ---|---|--- 2026-06-12 16:47:18+00:00| published-proof-of-concept| https://github.com/withastro/astro/security/advisories/GHSA-8hv8-536x-4wqp...
CVE-2026-7591
A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...
CVE-2026-41322
@astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from astro path with an incorrect/malformed if-match header returns a 500 error with a one year cache lifetime instead of 412 in some cases. This has the effect that all...
CVE-2026-41067
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline ,...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2026-30117
The CVE-2026-30117 entry affects scalar/astro v0.1.13, exposing an arbitrary file-upload vulnerability in the Scalar Proxy endpoint via the scalar_url parameter. This leads to remote code execution by uploading a crafted SVG file, as described across multiple sources. The CVSSv3.1 score is 9.8 (C...
CVE-2026-30117
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2026-30118
scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery SSRF in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers to force the backend server to send HTTP requests to attacker-controlled URLs, leading to...