659 matches found
CVE-2025-54793
Summary: CVE-2025-54793 affects Astro web framework. Versions 5.2.0 through 5.12.7 have an Open Redirect in the trailing slash redirection logic when handling paths with double slashes, enabling a user to be redirected to an external domain via crafted URLs (e.g., https://example.com//malicious-s...
CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects
Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...
Astro input validation error vulnerability
Astro is an open source web framework for content-driven websites. An input validation error vulnerability exists in Astro versions 5.2.0 through 5.12.7, which stems from improper handling of double-slash paths and could lead to an open redirection attack...
Astro's duplicate trailing slash feature leads to an open redirection security issue
Summary: There is an Open Redirection vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk o...
GHSA-CQ8C-XV66-36GW Astro's duplicate trailing slash feature leads to an open redirection security issue
Summary: There is an Open Redirection vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk o...
PT-2025-32332
Name of the Vulnerable Software and Affected Versions: Astro versions 5.2.0 through 5.12.7. Description: Astro is susceptible to an Open Redirect vulnerability stemming from improper handling of paths containing double slashes in its trailing slash redirection logic. This allows an attacker to...
Malicious code in astro-benchmark (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6696 Malicious code in astro-benchmark (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in astro-island (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5363 Malicious code in astro-island (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-47885
The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0 and prior to version 4.16.1. It can lead to cross-site scripting (XSS) in websites that enable Astro's client-side routing and have stored attacker-controlled scriptless HTML elements, i.e., iframe tag...
CVE-2024-56159
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as CSS and font files, the sourcemap files for the server code are moved to a publicly-accessible...
CVE-2024-56140
Astro is a web framework for content-driven websites. In affected versions a bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. However, a vulnerability...
CVE-2024-56924
A Cross-Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...
CVE-2023-50249
Sentry-Javascript provides the official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server, leading...
Malicious code in astro-scripts (npm)
Source: ghsa-malware 5eb39edf57f35aebc402844f0886c494159650bcfbb6faf113aad3c6a62707e9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3756 Malicious code in astro-scripts (npm)
Source: ghsa-malware 5eb39edf57f35aebc402844f0886c494159650bcfbb6faf113aad3c6a62707e9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-29015
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in /admin/pagesaccount.php...
PT-2025-16961 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0. Description: The issue concerns Cross-Site Scripting (XSS) via the name parameter in the "/admin/pages account.php" API endpoint. This allows for potential malicious script injection. No...