pkg:npm/@astrojs/node

All known vulnerabilities

• HIGH8.6CVE-2026-25545Astro has Full-Read SSRF in error rendering via Host: header injection
  from 0, < 9.5.4
• MEDIUM6.5CVE-2026-27829Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize
  >= 9.0.0, < 9.5.4
• MEDIUM6.1CVE-2025-55303Astro allows unauthorized third-party images in _image endpoint
  from 0, < 9.1.1
• MEDIUM5.9CVE-2026-29772Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands
  from 0, < 10.0.0
• MEDIUM5.9CVE-2026-27729Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
  >= 9.0.0, < 9.5.4
• MEDIUM5.3CVE-2026-41322Astro: Cache Poisoning due to incorrect error handling when if-match header is malformed
  from 0, < 10.0.5
• —CVE-2025-55207@astrojs/node's trailing slash handling causes open redirect issue
  from 0, < 9.4.1