| 2026-06-16 | Astro: Host header SSRF in prerendered error page fetch
Summary
Astro SSR apps with prerendered error pages (/404 or /500 using export const prerender = true) fetch those pages over HTTP at runtime when an error occurs. The URL for this fetch is derived from request.url, which in turn gets its origin from the incoming Host header. When the Host header is not validated against allowedDomains, an attacker can point the fetch at an arbitrary host and read the response.
Who is affected
This affects SSR deployments that:
- Have a prerendered 404 or…
Component: astro | High | < 6.4.6 | 6.4.6 | CVE-2026-54299 |
| 2026-06-16 | Astro: Reflected XSS via unescaped slot name
Summary
When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without HTML-escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflected XSS during SSR.
This is similar to GHSA-wrwg-2hg8-v723 but exploits a different injection point.
Vulnerable Code
packages/astro/src/runtime/server/render/component.ts:371:376
// component.ts:371
`<template data-astro-template${ke…
Component: astro | High | < 6.3.3 | 6.3.3 | CVE-2026-50146 |
| 2026-06-16 | Astro: XSS via Unescaped Attribute Names in Spread Props
Summary
The spreadAttributes function in Astro’s server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax {...props} on an HTML element and the object keys come from an untrusted source (API, CMS, URL parameters), an attacker can inject arbitrary HTML attributes including event handlers like onmousemove, onclick, or break out of the attribute context enti…
Component: astro | Medium | < 6.4.6 | 6.4.6 | CVE-2026-54298 |
| 2026-05-13 | Astro: Server island encrypted parameters vulnerable to cross-component replay
Impact
Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component’s encrypted props (p) value as another component’s slots (s) value, or vice versa.
Since slots contain raw unescaped HTML while props may contain user-controlled values, this could lead to XSS in applications that meet all of the followi…
Component: astro | Low | < 6.1.10 | 6.1.10 | CVE-2026-45028 |
| 2026-04-21 | Astro: XSS in define:vars via incomplete </script> tag sanitization
Summary
The defineScriptVars function in Astro’s server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <script> tags via the define:vars directive. HTML parsers close <script> elements case-insensitively and also accept whitespace or / before the closing >, allowing an attacker to bypass the sanitization with payloads like </Script>, </script >, or </script/> and inject arbitrary HTML/JavaScript.
Details
The vulnerable function…
Component: astro | Medium | < 6.1.6 | 6.1.6 | CVE-2026-41067 |
| 2026-03-26 | Astro: Remote allowlist bypass via unanchored matchPathname wildcard
Summary
This issue concerns Astro’s remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for /* wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. In our PoC, both the allowed path and a bypass path returned 200 with the same SVG payload, confirming the by…
Component: astro | Low | >= 2.10.10, < 5.18.1 | 5.18.1 | CVE-2026-33769 |
| 2025-12-08 | Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Summary
A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 (single URL encoding) was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs like /%2561dmin instead of /%61dmin, attackers ca…
Component: astro | Medium | < 5.15.8 | 5.15.8 | CVE-2025-66202 |
| 2025-11-19 | Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint (/_image) uses isRemoteAllowed() from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receives a valid data: URL pointing to a malicious SVG containing JavaScript, and the Cloudflare-specific implementation performs a 302 redirect back to the original data: URL, the browser dir…
Component: astro | Medium | < 5.15.9 | 5.15.9 | CVE-2025-65019 |
| 2025-11-19 | Astro Development Server has Arbitrary Local File Read
Summary
A vulnerability has been identified in the Astro framework’s development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system.
Details
- Title: Arbitrary Local File Read in Astro Development Image Endpoint
- Type: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Trav…
Component: astro | Low | < 5.14.3 | 5.14.3 | CVE-2025-64757 |
| 2025-11-19 | Astro vulnerable to reflected XSS via the server islands feature
Summary
After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s).
Details
Server islands run in their own isolated context outside of the page request and use the following pattern path to hydrate the page: /_server-islands/[name]. These paths can be called via GET or POST and use three parameters:
e: component to export
p: the transmitted prope…
Component: astro | High | <= 5.15.6 | 5.15.8 | CVE-2025-64764 |
| 2025-11-19 | Astro’s middleware authentication checks based on url.pathname can be bypassed via url encoded values
A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI).
This discrepancy may allow attackers to reach protected routes (e.g., /admin) using encoded path variants that pass routing but bypass validation checks.
https://github.com/withastro…
Component: astro | Medium | < 5.15.8 | 5.15.8 | CVE-2025-64765 |
| 2025-11-13 | Astro development server error page is vulnerable to reflected Cross-site Scripting
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro’s development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim’s browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links.
Details
Vulnerability L…
Component: astro | Low | >= 5.2.0, < 5.15.6 | 5.15.6 | CVE-2025-64745 |
| 2025-11-13 | Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass
Summary
In impacted versions of Astro using on-demand rendering, the request headers x-forwarded-proto and x-forwarded-port are used insecurely, without sanitization, to build the URL. This has several consequences, the most important of which are:
- Middleware-based protected route bypass (only via x-forwarded-proto)
- DoS via cache poisoning (if a CDN is present)
- SSRF (only via x-forwarded-proto)
- URL pollution (potential SXSS, if a CDN is pre…
Component: astro | Medium | >= 2.16.0, < 5.15.5 | 5.15.5 | CVE-2025-64525 |
| 2025-10-28 | Astro’s bypass of image proxy domain validation leads to SSRF and potential XSS
Component: astro | High | >= 5.13.4, < 5.13.10 | 5.13.10 | CVE-2025-59837 |
| 2025-10-10 | Astro’s X-Forwarded-Host is reflected without validation
Summary
When running Astro in on-demand rendering mode using an adapter such as the Node adapter, it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property, as there is no validation that the value is safe.
Details
Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation.
It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers…
Component: astro | Medium | < 5.14.3 | 5.14.3 | CVE-2025-61925 |
| 2025-08-19 | Astro allows unauthorized third-party images in _image endpoint
Summary
In affected versions of astro, the image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served.
Details
On-demand rendered sites built with Astro include an /_image endpoint which returns optimized versions of images.
The /_image endpoint is restricted to processing local images bundled with the site and also supports remote images from domains the site developer has manually authorized (using the [`image.domai…
Component: astro | Medium | <= 4.16.18; >= 5.0.0-alpha.0, < 5.13.2 | 4.16.19, 5.13.2 | CVE-2025-55303 |
| 2025-08-07 | Astro’s duplicate trailing slash feature leads to an open redirection security issue
Summary
There is an Open Redirection vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk of phishing and other social engineering attacks.
This affects Astro >=5.2.0 sites that use on-demand rendering (SSR) with the Node or Cloudflare adapter. It does not affect static sites, or sites deployed to Netlify…
Component: astro | Medium | >= 5.2.0, < 5.12.8 | 5.12.8 | CVE-2025-54793 |
| 2024-12-19 | Astro’s server source code is exposed to the public if sourcemaps are enabled
Summary
A bug in the build process allows any unauthenticated user to read parts of the server source code.
Details
During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder.
https://github.com/withastro/astro/blob/176fe9f113fd912f9b61e848b00bbcfecd6d5c2c/packages/astro/src/core/build/static-build.ts#L139
Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest o…
Component: astro | High | <= 4.16.17; >= 5.0.0-alpha.0, < 5.0.8 | 4.16.18, 5.0.8 | CVE-2024-56159 |
| 2024-12-18 | Astro CSRF Middleware Bypass (security.checkOrigin)
Summary
A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks.
Details
When the security.checkOrigin configuration option is set to true, Astro middleware will perform a CSRF check. (Source code: https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts)
For example, with the following Astro configuration:
// astro.config.mjs
import { defineConfig } from 'astro/config';
import node from '@astrojs/no…
Component: astro | Medium | < 4.16.17 | 4.16.17 | CVE-2024-56140 |
| 2024-10-14 | DOM Clobbering Gadget found in astro’s client-side router that leads to XSS
Summary
A DOM Clobbering gadget has been discovered in Astro’s client-side router. It can lead to cross-site scripting (XSS) in websites that enable Astro’s client-side routing and have stored attacker-controlled scriptless HTML elements (i.e., iframe tags with unsanitized name attributes) on the destination pages.
Details
Background
DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a pos…
Component: astro | Medium | >= 3.0.0, < 4.16.1 | 4.16.1 | CVE-2024-47885 |