
8 matches found

EUVD
added 2026/03/24 7:29 p.m., 3 views

EUVD-2026-14962

Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands...

CVSS 5.9 | AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/24 6:38 p.m., 10 views

CVE-2026-29772

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

CVSS 5.9 | AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/24 6:38 p.m., 2 views

CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

CVSS 5.9 | AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 3

Positive Technologies
added 2026/03/24 12:0 a.m., 5 views

PT-2026-27479

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 10.0.0. Description: Astro's Server Islands POST handler does not enforce a size limit when buffering and parsing JSON request bodies. The JSON.parse function allocates a V8 heap object for each element in the input,...

CVSS 5.9 | AI score 5.9 | EPSS 0.0037
Exploits: 1 | References: 8

Github Security Blog
added 2026/02/25 10:33 p.m., 7 views

Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary: Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details: On-demand rendered sites built with Astro can define server actions...

CVSS 7.5 | AI score 5.7 | EPSS 0.00415
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2026/02/25 10:33 p.m., 6 views

GHSA-JM64-8M5Q-4QH8 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions

Summary: Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. Details: On-demand rendered sites built with Astro can define server actions...

CVSS 5.9 | AI score 5.8 | EPSS 0.00415
Exploits: 1 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-25029

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.3 | EPSS 0.00534
Exploits: 0 | References: 3

NVD
added 2025/08/15 4:15 p.m., 6 views

CVE-2025-55207

Astro is a web framework for content-driven websites. Following CVE-2025-54793 there's still an Open Redirect vulnerability in a subset of Astro deployment scenarios prior to version 9.4.1. Astro 5.12.8 addressed CVE-2025-54793 where https://example.com//astro.build/press would redirect to the...

CVSS 6.9 | EPSS 0.00534
Exploits: 0 | References: 2