10 matches found

Snyk
added 2026/06/16 2:38 p.m. | 11 views

Server-side Request Forgery (SSRF)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the prerenderedErrorPageFetch. An attacker can access sensitive information or interact with...

CVSS 8.2 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 2

Snyk
added 2026/06/16 2:5 p.m. | 9 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-astro-template attribute when a component uses a client: directive and the slot name is not...

CVSS 7.1 | AI score 5.8 | EPSS 0.00177
Exploits: 1 | References: 3

Snyk
added 2026/04/21 8:39 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the defineScriptVars function due to incomplete sanitization of closing tags within injected variables. A...

CVSS 6.1 | AI score 5.5 | EPSS 0.00189
Exploits: 1 | References: 2

Snyk
added 2026/02/26 3:13 a.m. | 5 views

Server-side Request Forgery (SSRF)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the inferSize option that fetches remote images at render time to determine their dimensions. An...

CVSS 7.2 | AI score 6 | EPSS 0.00281
Exploits: 1 | References: 2

Snyk
added 2025/11/19 8:3 p.m. | 5 views

Directory Traversal

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Directory Traversal via a mismatch in path normalization between routing and middleware validation. An attacker can access protected...

CVSS 6.9 | AI score 7.7 | EPSS 0.0047
Exploits: 1 | References: 2

Snyk
added 2025/11/19 8:0 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /server-islands/name endpoint when handling the e, s and p parameters. An attacker can execute...

CVSS 8.2 | AI score 5.4 | EPSS 0.00446
Exploits: 1 | References: 3

Snyk
added 2025/11/13 10:38 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...

CVSS 6.1 | AI score 5.3 | EPSS 0.00213
Exploits: 1 | References: 2

EUVD
added 2025/11/12 4:29 a.m. | 1 view

EUVD-2025-115701

Malicious code in carina-chalk-init-astro npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m. | 1 view

EUVD-2025-111370

Malicious code in materialize-lint-staged-supervisor-astro npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/11/12 4:29 a.m. | 1 view

EUVD-2025-115402

Malicious code in chariklo-mongoose-dependencies-astro npm...

AI score 6.6
Exploits: 0