Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@astrojs/cloudflare

npm

Deploy your site to Cloudflare Workers

View on github.com · View on npmjs.org

Security Advisories for @astrojs/cloudflare in npm

Low
about 1 month ago

Cloudflare has SSRF via redirect following through its image-binding-transform endpoint (incomplete fix for GHSA-qpr4) GSA_kwCzR0hTQS04OGdtLWoyd3gtNThoNs4ABVs0

npm @astrojs/cloudflare
Potential
High
7 months ago

Astro's bypass of image proxy domain validation leads to SSRF and potential XSS GSA_kwCzR0hTQS1xY3ByLTY3OXEtcmhtMs4ABN8I

npm astro
Potential
Moderate
8 months ago

Astro's `X-Forwarded-Host` is reflected without validation GSA_kwCzR0hTQS01ZmY1LTlmY3ctdmc4OM4ABNQ_

npm astro
High
9 months ago

Server-Side Request Forgery via /_image endpoint in Astro Cloudflare adapter GSA_kwCzR0hTQS1xcHI0LWMzMzktN3ZxOM4ABLqn

npm @astrojs/cloudflare
Potential
Moderate
10 months ago

Astro allows unauthorized third-party images in _image endpoint GSA_kwCzR0hTQS14Zjh4LWo0cDItZjc0Oc4ABLM1

npm astro, @astrojs/node
Potential
Moderate
10 months ago

@astrojs/node's trailing slash handling causes open redirect issue GSA_kwCzR0hTQS05eDljLWdoYzUtamh3Oc4ABLJE

npm @astrojs/node
Potential
Moderate
10 months ago

Astros's duplicate trailing slash feature leads to an open redirection security issue GSA_kwCzR0hTQS1jcThjLXh2NjYtMzZnd84ABK2p

npm astro
Potential
High
over 1 year ago

Astro's server source code is exposed to the public if sourcemaps are enabled GSA_kwCzR0hTQS00OXc2LTczY3ctY2hqcs4ABCoF

npm astro
Potential
Moderate
over 1 year ago

Atro CSRF Middleware Bypass (security.checkOrigin) GSA_kwCzR0hTQS1jNHB3LTMzaDMtMzV4d84ABCjF

npm astro
Potential
Moderate
over 1 year ago

DOM Clobbering Gadget found in astro's client-side router that leads to XSS GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP

npm astro

Filter by Severity

Moderate 6 High 3 Low 1