Browse all 25 CVE security advisories affecting withastro. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Withastro is a static site generator designed to build fast, content-focused websites using modern web standards. Its core architecture relies on a component-based framework that compiles assets into static HTML, CSS, and JavaScript at build time. Security assessments have identified twenty-five Common Vulnerabilities and Exposures (CVEs) associated with the project, primarily stemming from its dependency ecosystem rather than the core engine itself. Historically, these vulnerabilities frequently involve remote code execution, cross-site scripting, and prototype pollution within third-party libraries used during the build process. While the static output reduces runtime attack surfaces, the build-time environment remains a critical vector for compromise. Notable incidents highlight risks related to insecure default configurations and insufficient input validation in plugin architectures. Developers must rigorously audit dependencies to mitigate these historically common vulnerability classes and ensure the integrity of the generated static assets.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41321 | @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint — @astrojs/cloudflareCWE-918 | 2.2 | Low | 2026-04-24 |
This page lists every published CVE security advisory associated with withastro. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.