Known Vulnerabilities for Astro by Withastro
Listed below are 7 of the newest known vulnerabilities associated with "Astro" by "Withastro".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-45028 json | Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity... | Not Provided | 2026-05-13 | 2026-05-13 |
| CVE-2026-41322 json | @astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources fro... | Not Provided | 2026-04-24 | 2026-04-25 |
| CVE-2026-41248 json | Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/... | Not Provided | 2026-04-24 | 2026-04-27 |
| CVE-2026-41067 json | Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case... | Not Provided | 2026-04-24 | 2026-04-24 |
| CVE-2026-30118 json | scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the ... | Not Provided | 2026-05-19 | 2026-05-19 |
| CVE-2026-30117 json | scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter o... | Not Provided | 2026-05-19 | 2026-05-19 |
| CVE-2026-7591 json | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function o... | Not Provided | 2026-05-01 | 2026-05-01 |