📦 Astro
by Astro
🛡️ Security Overview
⚠️ Known Vulnerabilities
A reflected cross-site scripting (XSS) vulnerability exists in the Astro web framework when using the server islands feature. Attackers can inject malicious scripts that execute in users' browsers when they v...
This vulnerability in Astro's image proxy allows attackers to bypass domain validation by using backslashes in the href parameter, enabling server-side requests to arbitrary URLs. This can lead to SSR...
This vulnerability allows unauthenticated attackers to bypass path-based authentication checks in the Astro web framework's middleware by using double-encoded URLs. Attackers can access protected routes tha...
This vulnerability in Astro's Cloudflare adapter allows attackers to inject malicious SVG payloads via data: URLs in the image optimization endpoint, enabling Cross-Site Scripting (XSS) attacks. It af...
This vulnerability allows attackers to bypass middleware validation checks in Astro web applications by using URL-encoded path variants. The mismatch between how Astro normalizes paths for routing ver...
Astro web framework versions 2.16.0 to 5.15.4 with on-demand rendering are vulnerable to header injection attacks. Attackers can manipulate x-forwarded-proto and x-forwarded-port headers to bypass mid...
Astro web framework versions before 5.14.2 reflect unvalidated X-Forwarded-Host header values in Astro.url output, allowing attackers to manipulate URLs used for canonical links, login forms, or other...
This vulnerability in the Astro web framework allows attackers to bypass third-party domain restrictions in the image optimization endpoint. By using protocol-relative URLs (e.g., //example.com/image.png)...
Astro web framework versions 5.2.0 through 5.12.7 contain an open redirect vulnerability in trailing slash redirection logic when handling paths with double slashes. Attackers can craft URLs to redire...
A vulnerability in the Astro web framework's build process exposes server source code via publicly accessible sourcemap files. Unauthenticated attackers can read server-side code, potentially revealing im...
This vulnerability allows attackers to bypass CSRF protection in the Astro web framework by manipulating Content-Type headers. Websites using Astro with security.checkOrigin enabled are affected. Attacker...
A vulnerability in the Astro framework's development server allows attackers to read arbitrary local image files through the image optimization endpoint. This affects Astro development environments runnin...