pkg:npm/@astrojs/node
7 total CVEsHIGH1MEDIUM5
✅ Check your installed version
All known vulnerabilities
HIGH8.6CVE-2026-25545Astro has Full-Read SSRF in error rendering via Host: header injection from 0, < 9.5.4
MEDIUM6.5CVE-2026-27829Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize >= 9.0.0, < 9.5.4
MEDIUM6.1CVE-2025-55303Astro allows unauthorized third-party images in _image endpoint from 0, < 9.1.1
MEDIUM5.9Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
from 0, < 10.0.0
MEDIUM5.9Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
>= 9.0.0, < 9.5.4
MEDIUM5.3Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed
from 0, < 10.0.5
—@astrojs/node's trailing slash handling causes open redirect issue
from 0, < 9.4.1