CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

VulnCheck KEV•added 2026/04/30 12:0 a.m.•5 views

VulnCheck KEV: CVE-2025-58179

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS5.2AI score0.00376EPSS

In wildExploits1References2

OSV•added 2025/11/19 8:9 p.m.•2 views

GHSA-FVMW-CJ7J-J39Q Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary A Cross-Site Scripting XSS vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint /image uses isRemoteAllowed from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receive...

5.4CVSS6.4AI score0.00033EPSS

Exploits1References4

Veracode•added 2025/10/06 10:28 a.m.•3 views

Server-side Request Forgery

astrojs/cloudflare is vulnerable to Server-side Request Forgery. The vulnerability is due to insufficient URL validation in the generated image optimization endpoint when the adapter is used with output: 'server' and the default imageService: 'compile', an attacker can exploit this to have the...

7.2CVSS7.1AI score0.00376EPSS

Exploits1References2Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-3552

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.1078EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-26878

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00376EPSS

Exploits1References2

RedhatCVE•added 2025/09/07 12:45 a.m.•1 views

CVE-2025-58179

7.2CVSS6.8AI score0.00376EPSS

Exploits1References1

NVD•added 2025/09/05 12:15 a.m.•1 views

CVE-2025-58179

7.2CVSS0.00376EPSS

Exploits1References2

OSV•added 2025/09/04 11:36 p.m.•2 views

CVE-2025-58179 Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint

7.2CVSS6.4AI score0.00376EPSS

Exploits1References4

Github Security Blog•added 2025/09/04 7:24 p.m.•7 views

Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

Summary When using Astro's Cloudflare adapter @astrojs/cloudflare configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URLs it receives, allowing content from unauthorized third-party domains to be served...

7.2CVSS6AI score0.00376EPSS

Exploits1References4Affected Software1

OSV•added 2025/09/04 7:24 p.m.•1 views

GHSA-QPR4-C339-7VQ8 Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter

7.2CVSS6AI score0.00376EPSS

Exploits1References4

Positive Technologies•added 2025/09/04 12:0 a.m.•1 views

PT-2025-36102

Name of the Vulnerable Software and Affected Versions Astro versions 11.0.3 through 12.6.5 Description Astro, a web framework for content-driven websites, is susceptible to a Server-Side Request Forgery SSRF issue when utilizing the Cloudflare adapter. When configured with output: 'server' and th...

7.2CVSS6.5AI score0.00376EPSS

Exploits1References17

NVD•added 2024/12/19 7:15 p.m.•9 views

CVE-2024-56159

Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible...

7.8CVSS0.1078EPSS

Exploits1References4

OSV•added 2024/12/19 6:58 p.m.•3 views

CVE-2024-56159 Server source code is exposed to the public if sourcemaps are enabled

7.8CVSS7AI score0.1078EPSS

Exploits1References6