Exposure of Astro
Category: JavaScript frameworks, Static site generator

Exposure score: 45
Sites using Astro: 31,643
Exploited CVEs: 0
Critical CVEs: 1
CVEs (31 results)

CVE ID          | Severity | Title                                                                                                                                                              | EPSS
CVE-2026-25545  | MEDIUM   | Astro has Full-Read SSRF in error rendering via Host: header injection                                                                                             | 1.8%
CVE-2024-56159  | HIGH     | Server source code is exposed to the public if sourcemaps are enabled                                                                                              | 1.5%
CVE-2025-64525  | MEDIUM   | Astro: URL manipulation via unsanitized headers leads to path-based middleware protections bypass, potential SSRF/cache-poisoning, CVE-2025-61925 bypass          | 1.1%
CVE-2025-58179  | HIGH     | Astro Cloudflare adapter is vulnerable to Server-Side Request Forgery via /_image endpoint                                                                          | 0.8%
CVE-2025-55303  | MEDIUM   | Unauthorized third-party images in Astro's _image endpoint                                                                                                         | 0.6%
CVE-2025-54793  | MEDIUM   | Astro: Duplicate trailing slash feature can lead to Open Redirects                                                                                                 | 0.6%
CVE-2025-55207  | MEDIUM   | @astrojs/node's trailing slash handling causes open redirect issue                                                                                                 | 0.5%
CVE-2025-64765  | MEDIUM   | Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values                                                                | 0.5%
CVE-2025-64764  | HIGH     | Astro is vulnerable to Reflected XSS via the server islands feature                                                                                                | 0.4%
CVE-2025-64757  | LOW      | Astro Development Server is Vulnerable to Arbitrary Local File Read                                                                                                | 0.4%
CVE-2026-27729  | MEDIUM   | Astro has memory exhaustion DoS due to missing request body size limit in Server Actions                                                                           | 0.4%
CVE-2024-47885  | MEDIUM   | astro's client-side router has DOM Clobbering Gadget that leads to XSS                                                                                             | 0.4%
CVE-2025-61925  | MEDIUM   | Astro's `X-Forwarded-Host` is reflected with no validation                                                                                                         | 0.4%
CVE-2026-29772  | MEDIUM   | Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands                                                                              | 0.4%
CVE-2026-33768  | MEDIUM   | Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`                                                                                           | 0.3%
CVE-2026-33769  | LOW      | Astro: Remote allowlist bypass via unanchored matchPathname wildcard                                                                                               | 0.3%
CVE-2026-41248  | CRITICAL | Official Clerk JavaScript SDKs: Middleware-based route protection bypass                                                                                           | 0.3%
CVE-2025-59837  | HIGH     | astro allows bypass of image proxy domain validation leading to SSRF and potential XSS                                                                             | 0.3%
CVE-2026-27829  | MEDIUM   | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize                                                                         | 0.3%
CVE-2025-66202  | MEDIUM   | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765                                                                            | 0.3%