Lucene search
+L

78 matches found

NVD
NVD
added 2026/06/22 7:17 p.m.11 views

CVE-2026-54300

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:30 p.m.5 views

CVE-2026-54300

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 5:30 p.m.19 views

CVE-2026-54300

The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:30 p.m.33 views

CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS0.00187EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 5:30 p.m.4 views

CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/17 5:50 p.m.13 views

Improper Access Control

@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...

5.3CVSS5.4AI score0.00187EPSS
Exploits0References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/17 4:58 a.m.9 views

Malicious code in @mastra/deployer-netlify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:58 a.m.9 views

MAL-2026-6017 Malicious code in @mastra/deployer-netlify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 2:37 p.m.9 views

@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Summary @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as .example.com is converted to an optional subdomain regex, so the apex host matches....

5.3CVSS5.5AI score0.00187EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/16 2:37 p.m.13 views

Incomplete List of Disallowed Inputs

Overview @astrojs/netlify is a Deploy your site to Netlify Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remoteimages regular expressions. An attacker can access image-like...

6.9CVSS5.8AI score0.00187EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-49741

Name of the Vulnerable Software and Affected Versions @astrojs/netlify versions prior to 7.0.13 Description The adapter converts image.remotePatterns into Netlify Image CDN images.remote images regular expressions using semantics broader than the canonical matcher. This occurs because a single...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/04/24 4:34 p.m.9 views

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: OSV:GHSA-Q5HJ-MXQH-VV77...

8.8CVSS5.8AI score0.00281EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 4:34 p.m.9 views

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16301567...

8.8CVSS5.8AI score0.00281EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/18 1:0 p.m.8 views

Malicious code in netlify-claude-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/18 1:0 p.m.5 views

MAL-2026-1796 Malicious code in netlify-claude-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/02/03 3:54 a.m.5 views

Malicious Package

Overview netlify-project-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/02/03 3:54 a.m.5 views

MAL-2026-661 Malicious code in netlify-project-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/03 3:54 a.m.8 views

Malicious code in netlify-project-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...

5.4AI score
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42665

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00625EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6760

Malicious code in bioql PyPI...

6.1CVSS5.6AI score0.00358EPSS
Exploits0References6
Rows per page
Query Builder