Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

astro

Ecosystem:
npm
Package URL:
pkg:npm/astro
Total PRs:
32,333 Dependabot PRs
Latest PR:
about 9 hours ago
Unique Repositories:
6,632 repositories
Unique Repos (30 days):
457 repositories
Security Advisories
Astro Development Server has Arbitrary Local File Read
GHSA-x3h8-62x9-952g CVE-2025-64757 LOW published 4 months ago • updated about 1 month ago
### Summary A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through th...
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
GHSA-m85w-3h95-hcf9 CVE-2024-47885 MODERATE published over 1 year ago • updated 17 days ago
### Summary A DOM Clobbering gadget has been discoverd in Astro's client-side router. It can lead to cross-site scripting (XSS) in websites enable...
Astro's bypass of image proxy domain validation leads to SSRF and potential XSS
GHSA-qcpr-679q-rhm2 CVE-2025-59837 HIGH published 5 months ago • updated 24 days ago
### Summary This is a patch bypass of CVE-2025-58179 in commit [9ecf359](https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047e...
Atro CSRF Middleware Bypass (security.checkOrigin)
GHSA-c4pw-33h3-35xw CVE-2024-56140 MODERATE published over 1 year ago • updated 21 days ago
### Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. ### Details When the `security.checkOrigin` confi...
Astro's server source code is exposed to the public if sourcemaps are enabled
GHSA-49w6-73cw-chjr CVE-2024-56159 HIGH published over 1 year ago • updated 16 days ago
### Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. ### Details During build, along wi...
View all 14 advisories
Recent PRs
RSS Feed
chore(deps): bump astro from 5.18.0 to 6.0.8

protomorph/astromorph #174

5.18.0 → 6.0.8 Major PR
Open about 9 hours ago 1 comment
protomorph
chore(deps): bump astro from 6.0.7 to 6.0.8

jrc1883/popkit-claude #335

6.0.7 → 6.0.8 Patch PR
Open about 10 hours ago 2 comments
jrc1883
Chore(deps-dev): Bump astro from 5.17.1 to 6.0.8

guardian/csnx #2333

5.17.1 → 6.0.8 Major PR
Open about 11 hours ago 1 comment
guardian
chore(deps): bump astro from 5.17.3 to 6.0.8

EVLBOX/docs #16

5.17.3 → 6.0.8 Major PR
Open about 11 hours ago 1 comment
EVLBOX
⬆️(deps): Bump astro from 5.17.2 to 6.0.8

sorokoletovdu/ruby-profile #21

5.17.2 → 6.0.8 Major PR
Open about 12 hours ago 1 comment
sorokoletovdu
chore(deps): bump astro from 5.18.0 to 5.18.1

Psycomy/tengoping.com #18

5.18.0 → 5.18.1 Patch PR
Open about 12 hours ago 2 comments
Psycomy
chore(deps): bump the all-minor-patch group with 14 updates

Takishima/volleykit #1058

6.0.5 → 6.0.8 Patch PR
Open about 13 hours ago 1 comment
Takishima
chore(deps): bump astro from 5.18.0 to 6.0.8

VitorMRodovalho/ai-pm-research-hub #53

5.18.0 → 6.0.8 Major PR
Open about 13 hours ago 2 comments
VitorMRodovalho
chore(deps): bump astro from 6.0.7 to 6.0.8

daiksud/daiksud.com #249

6.0.7 → 6.0.8 Patch PR
Closed about 15 hours ago 1 comment
daiksud
deps(deps): bump the all-dependencies group across 1 directory with 51 updates

zvineshielding/zvine-app #3

5.17.2 → 6.0.8 Major PR
Open about 15 hours ago 1 comment
zvineshielding
deps(deps): bump the all-dependencies group across 1 directory with 51 updates

Rheddot/dreamz2reality-site #6

5.17.2 → 6.0.8 Major PR
Open about 15 hours ago 1 comment
Rheddot
deps(deps): bump the all-dependencies group across 1 directory with 57 updates

alfaindomart/rsk-cms #9

5.16.6 → 6.0.8 Major PR
Open about 15 hours ago 1 comment
alfaindomart
deps(deps): bump the all-dependencies group across 1 directory with 41 updates

jetmobsol/serene #4

5.18.0 → 6.0.8 Major PR
Open about 16 hours ago 1 comment
jetmobsol
chore(deps): bump the astro-framework group with 13 updates

Karlbaey/Haku #94

5.18.0 → 6.0.8 Major PR
Open about 16 hours ago 2 comments
Karlbaey
chore(deps)(deps-dev): bump the astro group across 1 directory with 3 updates

hasegawa-101/hasegawa #70

5.18.0 → 6.0.8 Major PR
Open about 20 hours ago 2 comments
hasegawa-101
fix(deps): bump astro from 5.18.1 to 6.0.8

fullmetalbrackets/microblog #2

5.18.1 → 6.0.8 Major PR
Open about 21 hours ago 2 comments
fullmetalbrackets
build(deps): bump the npm_and_yarn group across 1 directory with 13 updates

millyreyes125-cmd/Cataclysm-BN #1

3.0.12 → 5.15.9 Major PR
Closed about 21 hours ago 2 comments
millyreyes125-cmd
Bump astro from 5.18.1 to 6.0.8

groupsmix/srcgroupsmi #40

5.18.1 → 6.0.8 Major PR
Open about 21 hours ago 2 comments
groupsmix
build(deps): bump the patch-updates group with 4 updates

amfajar/daily-blog #1

6.0.6 → 6.0.8 Patch PR
Open 1 day ago 1 comment
amfajar
Bump astro from 6.0.6 to 6.0.8 in /site

Limetric/pgferry #137

6.0.6 → 6.0.8 Patch PR
Open 1 day ago 2 comments
Limetric
docs: Bump the docs-deps group in /docs with 4 updates

ryansmith4/sheriff-mcp #4

6.0.7 → 6.0.8 Patch PR
Open 1 day ago 2 comments
ryansmith4
build(deps): bump the patch-updates group with 4 updates

AmongRuins/Firefly #1

6.0.6 → 6.0.8 Patch PR
Open 1 day ago 1 comment
AmongRuins
build(deps): bump the prod-dependencies group across 1 directory with 13 updates

FartLabs/pixel-planet #9

5.18.0 → 6.0.8 Major PR
Open 1 day ago 1 comment
FartLabs
chore(deps): bump the prod-dependencies group across 1 directory with 12 updates

Semkoo/niko-table-registry #73

5.18.0 → 6.0.8 Major PR
Open 1 day ago 1 comment
Semkoo
chore(deps-dev): bump the dev-deps group with 9 updates

mvlanga/mvlanga-com-astro #183

6.0.5 → 6.0.8 Patch PR
Open 1 day ago 2 comments
mvlanga
build(deps): Bump astro from 5.18.0 to 6.0.8

lm-stack/ybcs #3

5.18.0 → 6.0.8 Major PR
Closed 1 day ago 2 comments
lm-stack
Bump astro from 5.17.2 to 6.0.8

DJCodeOne/freshwax #26

5.17.2 → 6.0.8 Major PR
Open 1 day ago 1 comment
DJCodeOne
chore(deps): bump the dependencies group with 10 updates

dacrab/mise #28

6.0.4 → 6.0.8 Patch PR
Closed 2 days ago 1 comment
dacrab
chore(deps): bump the dependencies group with 3 updates

dacrab/ioannislo #27

6.0.4 → 6.0.8 Patch PR
Closed 2 days ago 1 comment
dacrab
chore: bump the astro group across 1 directory with 3 updates

Tsuyoshi84/tsuyoshi_dev #371

5.18.1 → 6.0.8 Major PR
Closed 2 days ago 2 comments
Tsuyoshi84
build(deps): bump astro from 6.0.5 to 6.0.8 in /docs

preechapon250/gh-aw #34

6.0.5 → 6.0.8 Patch PR
Open 2 days ago 1 comment
preechapon250
chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates

sCOSTAkg/openai-agents-js #8

5.13.0 → 5.15.9 Minor PR
Open 2 days ago 1 comment
sCOSTAkg
chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates

balajirajput96/openai-agents-js #11

5.13.1 → 5.15.9 Minor PR
Open 2 days ago 1 comment
balajirajput96
Bump astro from 6.0.5 to 6.0.8 in /storieviola-it

p16/storieviola.it #6

6.0.5 → 6.0.8 Patch PR
Closed 2 days ago 1 comment
p16
Bump the patch-minor group with 3 updates

zhaohao/neon #1

6.0.5 → 6.0.8 Patch PR
Open 2 days ago 1 comment
zhaohao
chore(deps): bump the test-canister-ts group in /canisters/test_canister_ts with 6 updates

irken-empire/ic-siwa #165

6.0.4 → 6.0.8 Patch PR
Open 2 days ago 2 comments
irken-empire
build(deps): Bump astro from 6.0.4 to 6.0.8

alexangas/alexangas-web #400

6.0.4 → 6.0.8 Patch PR
Open 2 days ago 1 comment
alexangas
npm: bump astro from 6.0.4 to 6.0.8 in /web

BaDaaS/cryptography.academy #1569

6.0.4 → 6.0.8 Patch PR
Open 3 days ago 1 comment
BaDaaS
Bump astro from 6.0.4 to 6.0.8

mooship/narvik #7

6.0.4 → 6.0.8 Patch PR
Open 3 days ago 1 comment
mooship
chore(deps): bump astro from 5.18.1 to 6.0.8

aRustyDev/aRustyDev #13

5.18.1 → 6.0.8 Major PR
Open 3 days ago 1 comment
aRustyDev
chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates

balajirajput96/openai-agents-js #10

5.13.1 → 5.15.9 Minor PR
Closed 3 days ago 2 comments
balajirajput96
chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates

sCOSTAkg/openai-agents-js #7

5.13.0 → 5.15.9 Minor PR
Open 3 days ago 2 comments
sCOSTAkg
build(deps): bump the patch-updates group with 2 updates

markd3ng/KIRARI #36

6.0.7 → 6.0.8 Patch PR
Open 3 days ago 1 comment
markd3ng
Bump the npm_and_yarn group across 2 directories with 11 updates

hectorgolf/hector.golf #26

5.15.6 → 5.15.9 Patch PR
Closed 3 days ago 2 comments
hectorgolf
Bump astro from 6.0.7 to 6.0.8

clintonsteiner/grace_thesis #98

6.0.7 → 6.0.8 Patch PR
Closed 3 days ago 1 comment
clintonsteiner
Bump the npm_and_yarn group across 2 directories with 12 updates

hectorgolf/hector.golf #23

5.15.6 → 5.15.9 Patch PR
Closed 3 days ago 1 comment
hectorgolf
chore(deps): bump astro from 5.18.0 to 6.0.7

cpps-unesp/site-cpps #135

5.18.0 → 6.0.7 Major PR
Open 3 days ago 1 comment
cpps-unesp
chore(deps): bump astro from 6.0.6 to 6.0.7

Bitti09/bgp.mom #161

6.0.6 → 6.0.7 Patch PR
Closed 3 days ago 2 comments
Bitti09
chore(deps): bump astro from 5.16.7 to 5.18.1

nblackburn/website #766

5.16.7 → 5.18.1 Minor PR
Open 3 days ago 3 comments
nblackburn
chore(deps): bump astro from 5.17.0 to 6.0.7

leonism/astro-batavia #50

5.17.0 → 6.0.7 Major PR
Open 3 days ago 4 comments
leonism
Package Details
Name: astro
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/astro
JSON API: View JSON
Security Advisories

14

Active advisories
HIGH 3
MODERATE 9
LOW 2
View All npm Advisories
Package Information
Description:

Astro is a modern site builder with web best practices, performance, and DX front-of-mind.

Repository: https://github.com/withastro/astro
Homepage: https://astro.build
Latest Release: 4.16.16
over 1 year ago
Dependent Repos: 18,705
Dependent Packages: 915
Downloads: 1,349,386
Ranking: Top 0.1941% by dependent repos Top 0.2899% by downloads Top 0.0943% by dependent pkgs
PR Status
Open 14,860 (46.0%)
Merged 3,432 (10.6%)
Closed 11,686 (36.1%)
PR Types
Minor 17,774 (55.0%)
Major 1,589 (4.9%)
Patch 10,599 (32.8%)