78 matches found
CVE-2026-54300
@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...
CVE-2026-54300
@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...
CVE-2026-54300
The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....
CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...
CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A...
Improper Access Control
@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...
Malicious code in @mastra/deployer-netlify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
MAL-2026-6017 Malicious code in @mastra/deployer-netlify (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2fc319f7f95075b9eb23f3c1dbde016dd6f4a23add16bf96a3449149d316d571 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config
Summary @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remoteimages regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as .example.com is converted to an optional subdomain regex, so the apex host matches....
Incomplete List of Disallowed Inputs
Overview @astrojs/netlify is a Deploy your site to Netlify Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remoteimages regular expressions. An attacker can access image-like...
PT-2026-49741
Name of the Vulnerable Software and Affected Versions @astrojs/netlify versions prior to 7.0.13 Description The adapter converts image.remotePatterns into Netlify Image CDN images.remote images regular expressions using semantics broader than the canonical matcher. This occurs because a single...
@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)
@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: OSV:GHSA-Q5HJ-MXQH-VV77...
@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)
@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16301567...
Malicious code in netlify-claude-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...
MAL-2026-1796 Malicious code in netlify-claude-ai (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...
Malicious Package
Overview netlify-project-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
MAL-2026-661 Malicious code in netlify-project-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...
Malicious code in netlify-project-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...
EUVD-2023-42665
Malicious code in bioql PyPI...
EUVD-2022-6760
Malicious code in bioql PyPI...