74 matches found

NVD
added 5 days ago, 8 views

CVE-2026-54300

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A...

5.3 CVSS, 0.00187 EPSS
Exploits 0, References 1

Cvelist
added 5 days ago, 30 views

CVE-2026-54300 @astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

@astrojs/netlify is an adapter that allows Astro to deploy your hybrid or server rendered site to Netlify. Prior to 7.0.13, @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A...

5.3 CVSS, 0.00187 EPSS
Exploits 0, References 1

CVE
added 5 days ago, 11 views

CVE-2026-54300

The CVE-2026-54300 issue affects the Astro package @astrojs/netlify (Netlify adapter). Before version 7.0.13, the adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regexes with broader semantics than Astro’s canonical matcher. Specifically, wildcards like .example....

5.3 CVSS, 5.8 AI score, 0.00187 EPSS
Exploits 0, References 1

Veracode
added 2026/06/17 5:50 p.m., 9 views

Improper Access Control

@astrojs/netlify is vulnerable to Improper Access Control. The vulnerability is due to overly permissive conversion of Astro image.remotePatterns into Netlify Image CDN regular expressions, which allows an attacker to bypass intended hostname and pathname restrictions and access unintended remote...

5.3 CVSS, 5.4 AI score, 0.00187 EPSS
Exploits 0, References 4, Affected Software 1

Snyk
added 2026/06/16 2:37 p.m., 9 views

Incomplete List of Disallowed Inputs

Overview: @astrojs/netlify is a Deploy your site to Netlify. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the conversion process of image.remotePatterns to Netlify Image CDN images.remote_images regular expressions. An attacker can access image-like...

6.9 CVSS, 5.8 AI score, 0.00187 EPSS
Exploits 0, References 2

Github Security Blog
added 2026/06/16 2:37 p.m., 6 views

@astrojs/netlify broadens Astro image.remotePatterns in Netlify Image CDN config

Summary: @astrojs/netlify converts Astro image.remotePatterns into Netlify Image CDN images.remote_images regular expressions with broader semantics than Astro's canonical matcher. A single wildcard hostname such as *.example.com is converted to an optional subdomain regex, so the apex host matches....

5.3 CVSS, 5.5 AI score, 0.00187 EPSS
Exploits 0, References 2, Affected Software 1

Positive Technologies
added 2026/06/16 12:0 a.m., 10 views

PT-2026-49741

Name of the Vulnerable Software and Affected Versions: @astrojs/netlify versions prior to 7.0.13. Description: The adapter converts image.remotePatterns into Netlify Image CDN images.remote_images regular expressions using semantics broader than the canonical matcher. This occurs because a single...

5.3 CVSS, 5.9 AI score, 0.00187 EPSS
Exploits 0, References 4

vulnersOsv
added 2026/04/24 4:34 p.m., 8 views

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: OSV:GHSA-Q5HJ-MXQH-VV77...

8.8 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 0

vulnersOsv
added 2026/04/24 4:34 p.m., 6 views

@netlify/agent-runner-cli (>=1.83.1 <=1.94.0-netlifydb.4), feishu-claude-bot (=0.1.0) +1 more potentially affected by CVE-2026-40068 via @anthropic-ai/claude-code (>=2.1.63 <=2.1.81)

@anthropic-ai/claude-code NPM version =2.1.63, =1.83.1, =1.2.2, =1.2.3 Source cves: CVE-2026-40068 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-16301567...

8.8 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 0

OSV
added 2026/03/18 1:0 p.m., 2 views

MAL-2026-1796 Malicious code in netlify-claude-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...

5.8 AI score
Exploits 0

OSSF Malicious Packages
added 2026/03/18 1:0 p.m., 8 views

Malicious code in netlify-claude-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5139f35306556d4571bbe595a55c782a1635c7f3542cef6e7ce402bbe014b5e3 The package netlify-claude-ai was found to contain malicious code...

5.8 AI score
Exploits 0

Snyk
added 2026/02/03 3:54 a.m., 4 views

Malicious Package

Overview: netlify-project-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS, 5.4 AI score
Exploits 0, References 2

OSSF Malicious Packages
added 2026/02/03 3:54 a.m., 7 views

Malicious code in netlify-project-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...

5.4 AI score
Exploits 0, References 1

OSV
added 2026/02/03 3:54 a.m., 4 views

MAL-2026-661 Malicious code in netlify-project-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...

5.5 AI score
Exploits 0, References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-6760

Malicious code in bioql PyPI...

6.1 CVSS, 5.6 AI score, 0.00348 EPSS
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-42665

Malicious code in bioql PyPI...

5.4 CVSS, 5.7 AI score, 0.00625 EPSS
Exploits 1, References 1

Trend Micro Simply Security
added 2025/09/19 12:0 a.m., 4 views

How AI-Native Development Platforms Enable Fake Captcha Pages

Cybercriminals are abusing AI-native platforms like Vercel, Netlify, and Lovable to host fake captcha pages that deceive users, bypass detection, and drive phishing campaigns...

7 AI score
Exploits 0

vulnersOsv
added 2025/08/14 6:52 p.m., 7 views

@akaiv/core (>=1.2.6 <=1.8.3), @akaiv/discord-client (>=1.0.0 <=1.4.1) +3 more potentially affected by unknown CVE via minimst (=0.0.1-security)

minimst NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on minimst and may be impacted: - @akaiv/core =1.2.6, =1.0.0, =0.1.0, =0.4.0 - @akaiv/kakao-client =2.0.1 - netlify-minutes =0.1.0 Source cves: unknown CVE Source advisory...

5.8 AI score
Exploits 0

RedhatCVE
added 2025/08/10 12:15 a.m., 5 views

CVE-2025-54793

Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...

6.9 CVSS, 6.6 AI score, 0.00572 EPSS
Exploits 0, References 1

Cvelist
added 2025/08/08 12:2 a.m., 8 views

CVE-2025-54793 Astro: Duplicate trailing slash feature can lead to Open Redirects

Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs...

6.9 CVSS, 0.00572 EPSS
Exploits 0, References 2