Every CVE whose affected-product data names Astro @astrojs/node, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-25545 — CVSS 8.6 (high): Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (eg…
CVE-2026-27829 — CVSS 6.5 (medium): Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing `image.domains` /…
CVE-2026-27729 — CVSS 5.9 (medium): Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to…
CVE-2026-29772 — CVSS 5.9 (medium): Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON…